[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] imageworsener: two left shift
From:       "Agostino Sarubbo" <ago () gentoo ! org>
Date:       2017-04-30 9:11:39
Message-ID: 987945.267788263-sendEmail () localhost
[Download RAW message or body]

------MIME delimiter for sendEmail-253533.920812519
Content-Type: text/plain;
        charset="UTF-8"
Content-Transfer-Encoding: 7bit

Description:
imageworsener is a utility for image scaling and processing.

There are two left shift visible with UbSan enabled.

# imagew $FILE /tmp/out -outfmt bmp
src/imagew-util.c:415:68: runtime error: left shift of 255 by 24 places cannot be represented in type 'int'
src/imagew-bmp.c:427:10: runtime error: left shift of 1 by 31 places cannot be represented in type 'int'
Affected version:
1.3.0

Fixed version:
1.3.1

Commit fix:
https://github.com/jsummers/imageworsener/commit/a00183107d4b84bc8a714290e824ca9c68dac738

Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.

CVE:
CVE-2017-8326

Reproducer:
https://github.com/asarubbo/poc/blob/master/00271-imageworsener-leftshift

Timeline:
2017-04-13: bug discovered and reported to upstream
2017-04-22: upstream released a patch
2017-04-27: blog post about the issue
2017-04-29: CVE assigned

Note:
This bug was found with American Fuzzy Lop.

Permalink:
https://blogs.gentoo.org/ago/2017/04/27/imageworsener-two-left-shift/

--
Agostino Sarubbo
Gentoo Linux Developer


------MIME delimiter for sendEmail-253533.920812519--

[prev in list] [next in list] [prev in thread] [next in thread]