Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 06 Feb 2017 12:32:21 +0100
From: Agostino Sarubbo <ago@...too.org>
To: oss-security@...ts.openwall.com
Subject: mupdf: heap-based buffer overflow in fz_subsample_pixmap

Hello,

there in an heap overflow in fz_subsample_pixmap.

The bug was discovered by Kamil Frankowicz which said to have tested it 
against the current git head.
The same testcase does not crash the current stable 1.10a, but I can confirm 
(with a round of fuzzing on 1.10a) that stable is affected.

No fix atm.

Details:
https://bugs.ghostscript.com/show_bug.cgi?id=697515

Reproducer for 1.10a:
https://github.com/asarubbo/poc/blob/master/00148-mupdf-heapoverflow-fz_subsample_pixmap

-- 
Agostino Sarubbo
Gentoo Linux Developer

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ