Date: Tue, 13 Sep 2016 18:50:06 +0200 From: Solar Designer <solar@...nwall.com> To: "vul @ 724safe" <vul@...safe.com> Cc: oss-security@...ts.openwall.com Subject: Re: Heapoverflow in giflib5.1.4 On Tue, Sep 13, 2016 at 11:20:08PM +0800, vul @ 724safe wrote: > With Address Sanitizer there is aa heap overflow in giflib 5.1.4 > More details are available at: > https://sourceforge.net/p/giflib/bugs/102/ When posting to oss-security, please include the actual detail right in your posting (up to 200 KB including MIME overhead, but of course try to keep it smaller than that if at all practical) - not only via external links. I've attached the content of the above link now. Luckily, this one PoC GIF file is tiny: $ base64 poc R0lGODdhKP9/AADZACwAHQAAKAAAAPngp5Lb5QAD4wAAAgAAOwAd Ideally, you would also investigate and patch issues found by ASan, rather than merely include its output, but I realize we can't actually expect anything specific from volunteers. So whatever we've got. Thanks, Alexander View attachment "giflib-102-Heap_overflow_in_gif2rgb.c.txt" of type "text/plain" (2519 bytes) Download attachment "poc" of type "application/octet-stream" (39 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ