[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] CVE-2019-2201: libjpeg-turbo: code execution
From: pgajdos <pgajdos () suse ! cz>
Date: 2019-11-12 12:17:50
Message-ID: 20191112121750.GA15193 () laura ! suse ! cz
[Download RAW message or body]
On Mon, Nov 11, 2019 at 05:49:45PM +0100, Wolfgang Frisch wrote:
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6
> > (gdb) bt
> > #0 0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6
> > #1 0x0000555555558f7a in memset (__len=18446744071562074395, __ch=127, __dest=<optimized \
> > out>) at /usr/include/bits/string_fortified.h:71 #2 decomp (srcBuf=0x0, \
> > jpegBuf=0x7fffffffd8e0, jpegSize=0x7fffffffd8e8, dstBuf=<optimized out>, w=26755, h=26755, \
> > subsamp=2, jpegQual=0, fileName=0x7fffffffdfaa \
> > "CVE-2019-2201-reproducer-SEGFAULT-26755x26755", tilew=26755, tileh=26755) at \
> > /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:174 #3 0x0000555555557103 in \
> > decompTest (fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755") at \
> > /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:712 #4 main (argc=<optimized \
> > out>, argv=<optimized out>) at \
> > /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:1003
>
> We identified that it crashed on writing to a libc.so mapping.
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388
Petr
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic