Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 31 Dec 2015 13:42:46 -0500
From: Glenn Randers-Pehrson <glennrp@...il.com>
To: cve-assign@...re.org, oss-security@...ts.openwall.com
Cc: Brian Carpenter <brian.carpenter@...il.com>
Subject: CVE request: pngcrush-1.3.35 through 1.7.88 segfault when run with
 "-loco" option

I am requsting a CVE for the following vulnerability in pngcrush.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Pngcrush versions 1.7.35 through 1.7.88 will segfault when run with
the "-loco" option and multiple trials.  This is due to attempting to
write to a file that has not yet been opened.

The vulnerability can be exploited trivially to create a Denial of Service.
Remote exploit is possible if the application accepts remote input and
accepts the "-loco" option.  No specially crafted PNG file is needed; any
valid PNG file can be used in an attack.

The bug was discovered by Brian Carpenter using AFL, and is fixed in
pngcrush-1.7.91, which was released on December 31, 2015.

Glenn Randers-Pehrson
pngcrush author and maintainer
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJWhXTvAAoJEPVJhL+hbGQP6vkP/1fqKQBMXffpVZEJ1DzmTeo5
+F0mLYhRax0xKvvOBFw3jvmCF7Wr7FATXEjUiHc3u9FNeIQwmLosBvCajnWYhExC
jjiweKt7ZBg/7NPFLEcKFtVASjQCkSMFTsWO6jWi1PIxJYztp/BGT1FB/H3ecrUZ
IHwReuFu3qnjB9hbUy9pbrJmeVSyQY1DWnFwLFJ8PaMrHpvJfXiraPHNaR4WDDDp
PgmxVF8GrpINh8oBZP1gLlBiSsiAUvt6C4Bpr/LaMrP/6nnPBW0y3bptGorxa5gY
4Z2k/P+12lU15oV//RG1gYGAE5R7I2fteOLA0ES1Xsvw6re8tJ0oEl9SWmhCBBAj
n2C3sCLhK619/KHWx6tety9N5ZCBHdrk6hwYzLVFVLOLmHPyrhhJCI+HJeKde4nw
BhruvP+iuhxqjCDoHPoxLnK5FMdYxrGn2vB2lq6AGjFuKtd7Nb2hTsYZu7bnGWYQ
dpNiVruRkdABLm621twGdU3GN45DwgfTy8kucypPmkxhmUgz2z30EExNcS1r0ph2
ywmCUz11jYH4oJIrZE3LNSPzuT3zymBmwENbY5GYbAnAYnjbVyy/HcIrp9+eALxZ
EkO4hGAFidhijHn8NnMpQI9EIoNMPhiJN9fYKfO56GNFysKEFBeOwzOLIuAYQQb+
v0R8JFw32Xm4ULrDjXk3
=Lm3P
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ