Date: Thu, 20 Apr 2017 16:26:16 +0200 From: Andrej Nemec <anemec@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc Hello folks, While going through our assigned CVEs it was found that this one was allocated but never reported by the original researcher to the public list. I am going to list as much information as possible below. Credits for the findings go to "Meifang, Yang @VARAS of IIE". I advised the researcher to report this issue upstream, however, it seems the communication failed. A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG. The problem seems to be line 717 in function image_alloc. Due to the missing check, value of img->data[i] could be NULL and crash the program. Unfortunately, I don't have access to the reproducer. Best Regards, -- Andrej Nemec, Red Hat Product Security 3701 3214 E472 A9C3 EFBE 8A63 8904 44A1 D57B 6DDA Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ