Date: Tue, 19 May 2015 11:25:02 +0200 From: Stefan Cornelius <scorneli@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: [oCERT-2015-006] dcraw input sanitization errors On Mon, 11 May 2015 15:59:55 +0200 Andrea Barisani <lcars@...rt.org> wrote: > > #2015-006 dcraw input sanitization errors > > Description: > > The dcraw photo decoder is an open source project for raw image > parsing. > > The dcraw tool, as well as several other projects re-using its code, > suffers from an integer overflow condition which lead to a buffer > overflow. The vulnerability concerns the 'len' variable, parsed > without validation from opened images, used in the ljpeg_start() > function. > > A maliciously crafted raw image file can be used to trigger the > vulnerability, causing a Denial of Service condition. > Just as a heads-up: This should affect netpbm, too. https://sourceforge.net/p/netpbm/code/HEAD/tree/advanced/converter/other/cameratopam/ljpeg.c Although there's a check for "len" in line #37, it shouldn't trigger, as "len" will be negative at that point. -- Stefan Cornelius / Red Hat Product Security Come talk to Red Hat Product Security at the Summit! Red Hat Summit 2015 - https://www.redhat.com/summit/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ