Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 19 May 2015 11:25:02 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: [oCERT-2015-006] dcraw input sanitization errors

On Mon, 11 May 2015 15:59:55 +0200
Andrea Barisani <lcars@...rt.org> wrote:

> 
> #2015-006 dcraw input sanitization errors
> 
> Description:
> 
> The dcraw photo decoder is an open source project for raw image
> parsing.
> 
> The dcraw tool, as well as several other projects re-using its code,
> suffers from an integer overflow condition which lead to a buffer
> overflow. The vulnerability concerns the 'len' variable, parsed
> without validation from opened images, used in the ljpeg_start()
> function.
> 
> A maliciously crafted raw image file can be used to trigger the
> vulnerability, causing a Denial of Service condition.
> 

Just as a heads-up: This should affect netpbm, too.
https://sourceforge.net/p/netpbm/code/HEAD/tree/advanced/converter/other/cameratopam/ljpeg.c

Although there's a check for "len" in line #37, it shouldn't trigger, as
"len" will be negative at that point.

-- 
Stefan Cornelius / Red Hat Product Security

Come talk to Red Hat Product Security at the Summit!
Red Hat Summit 2015 - https://www.redhat.com/summit/

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ