
List:       oss-security
Subject:    Re: [oss-security] CVE-2019-2201: libjpeg-turbo: code execution
From:       pgajdos <pgajdos () suse ! cz>
Date:       2019-11-12 12:17:50
Message-ID: 20191112121750.GA15193 () laura ! suse ! cz

On Mon, Nov 11, 2019 at 05:49:45PM +0100, Wolfgang Frisch wrote:
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6
> > (gdb) bt
> > #0  0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6
> > #1  0x0000555555558f7a in memset (__len=18446744071562074395, __ch=127, __dest=<optimized out>) at /usr/include/bits/string_fortified.h:71
> > #2  decomp (srcBuf=0x0, jpegBuf=0x7fffffffd8e0, jpegSize=0x7fffffffd8e8, dstBuf=<optimized out>, w=26755, h=26755, subsamp=2, jpegQual=0,  fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755", tilew=26755, tileh=26755) at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:174
> > #3  0x0000555555557103 in decompTest (fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755") at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:712
> > #4  main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:1003
> 
> We identified that it crashed on writing to a libc.so mapping.

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

Petr
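
Added example, not part of the original thread and not libjpeg-turbo code: the memset length in frame #1 is exactly what a 32-bit signed product of w=26755, h=26755 and 3 bytes per pixel becomes after it wraps and is sign-extended to a 64-bit size_t. The 3-byte pixel size, the 32-bit int, the 64-bit size_t and the function names wrapped_len and checked_image_size are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <limits.h>
#include <stdio.h>

/* Model a 32-bit signed product w * ps * h that has wrapped (two's
 * complement), computed without invoking signed-overflow UB, then
 * converted to a 64-bit length the way a memset size argument is. */
uint64_t wrapped_len(int w, int h, int ps)
{
    uint32_t u = (uint32_t)w * (uint32_t)ps * (uint32_t)h; /* mod 2^32 */
    int64_t as_int = (u > (uint32_t)INT32_MAX)
                         ? (int64_t)u - 4294967296LL /* negative int */
                         : (int64_t)u;
    return (uint64_t)as_int; /* sign extension to 64 bits */
}

/* Hardened form: do the arithmetic in size_t, reject any step that
 * would overflow, and reject results an int-based API cannot hold.
 * Returns 0 and stores the byte count on success, -1 otherwise. */
int checked_image_size(int w, int h, int ps, size_t *out)
{
    if (w <= 0 || h <= 0 || ps <= 0 || out == NULL)
        return -1;
    if ((size_t)w > SIZE_MAX / (size_t)ps)
        return -1;
    size_t pitch = (size_t)w * (size_t)ps;
    if (pitch > SIZE_MAX / (size_t)h)
        return -1;
    size_t total = pitch * (size_t)h;
    if (total > (size_t)INT_MAX) /* callers that keep sizes in int */
        return -1;
    *out = total;
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Dimensions taken from frame #2 of the backtrace. */
    printf("wrapped length: %llu\n",
           (unsigned long long)wrapped_len(26755, 26755, 3));
    printf("26755x26755x3 accepted: %s\n",
           checked_image_size(26755, 26755, 3, &n) == 0 ? "yes" : "no");
    printf("1024x768x3 accepted: %s (%zu bytes)\n",
           checked_image_size(1024, 768, 3, &n) == 0 ? "yes" : "no", n);
    return 0;
}
```

The true product, 2147490075 bytes, is only 6428 above INT_MAX, which is why a 26755x26755 image is enough to flip the sign.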

