Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Tue, 13 Sep 2016 18:50:06 +0200
From: Solar Designer <solar@...nwall.com>
To: "vul @ 724safe" <vul@...safe.com>
Cc: oss-security@...ts.openwall.com
Subject: Re: Heapoverflow in giflib5.1.4

On Tue, Sep 13, 2016 at 11:20:08PM +0800, vul @ 724safe wrote:
> With Address Sanitizer there is aa heap overflow in giflib 5.1.4
> More details are available at:
> https://sourceforge.net/p/giflib/bugs/102/

When posting to oss-security, please include the actual detail right in
your posting (up to 200 KB including MIME overhead, but of course try to
keep it smaller than that if at all practical) - not only via external
links.  I've attached the content of the above link now.  Luckily, this
one PoC GIF file is tiny:

$ base64 poc
R0lGODdhKP9/AADZACwAHQAAKAAAAPngp5Lb5QAD4wAAAgAAOwAd

Ideally, you would also investigate and patch issues found by ASan,
rather than merely include its output, but I realize we can't actually
expect anything specific from volunteers.  So whatever we've got.

Thanks,

Alexander

View attachment "giflib-102-Heap_overflow_in_gif2rgb.c.txt" of type "text/plain" (2519 bytes)

Download attachment "poc" of type "application/octet-stream" (39 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ