[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: [oss-security] imageworsener: memory allocation failure in my_mallocfn (imagew-cmd.c)
From: "Agostino Sarubbo" <ago () gentoo ! org>
Date: 2017-04-30 9:11:02
Message-ID: 479277.612964751-sendEmail () localhost
[Download RAW message or body]
------MIME delimiter for sendEmail-238982.946685613
Content-Type: text/plain;
charset="UTF-8"
Content-Transfer-Encoding: 7bit
Description:
imageworsener is a utility for image scaling and processing.
There is a memory allocation failure, I will show the interesting ASan output,
# imagew $FILE /tmp/out -outfmt bmp
#8 0x551fc0 in my_mallocfn \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-cmd.c:794:9 #9 \
0x7f37f140c9ae in iw_malloc_ex \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-util.c:48:8 #10 \
0x7f37f140cdec in iw_malloc_large \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-util.c:77:9 #11 \
0x7f37f136d66c in bmpr_read_uncompressed \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-bmp.c:665:32 \
#12 0x7f37f134ce64 in iwbmp_read_bits \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-bmp.c:910:7 #13 \
0x7f37f134ce64 in iw_read_bmp_file \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-bmp.c:980 #14 \
0x7f37f1349f94 in iw_read_file_by_fmt \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-allfmts.c:66:12 \
#15 0x519304 in iwcmd_run \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-cmd.c:1191:6 \
#16 0x515326 in iwcmd_main \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-cmd.c:3018:7 \
#17 0x515326 in main \
/tmp/portage/media-gfx/imageworsener-1.3.0/work/imageworsener-1.3.0/src/imagew-cmd.c:3067 #18 \
0x7f37f035178f in __libc_start_main \
/tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289 #19 0x41b028 \
in _init (/usr/bin/imagew+0x41b028)
Affected version:
1.3.0
Fixed version:
1.3.1
Commit fix:
https://github.com/jsummers/imageworsener/commit/86564051db45b466e5f667111ce00b5eeedc8fb6
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
CVE:
CVE-2017-8327
Reproducer:
https://github.com/asarubbo/poc/blob/master/00276-imageworsener-memallocfailure
Timeline:
2017-04-13: bug discovered and reported to upstream
2017-04-12: upstream released a patch for another issue that fixes this issue too
2017-04-27: blog post about the issue
2017-04-29: CVE assigned
Note:
This bug was found with American Fuzzy Lop.
Permalink:
https://blogs.gentoo.org/ago/2017/04/27/imageworsener-memory-allocation-failure-in-my_mallocfn-imagew-cmd-c/
--
Agostino Sarubbo
Gentoo Linux Developer
------MIME delimiter for sendEmail-238982.946685613--
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic