Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 20 Apr 2017 16:26:16 +0200
From: Andrej Nemec <anemec@...hat.com>
To: oss-security@...ts.openwall.com
Subject: CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc

Hello folks,

While going through our assigned CVEs it was found that this one was
allocated but never reported by the original researcher to the public
list. I am going to list as much information as possible below. Credits
for the findings go to "Meifang, Yang @VARAS of IIE". I advised the
researcher to report this issue upstream, however, it seems the
communication failed.

A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL
pointer dereference issue due to missing check of the return value of
function malloc in the BPG encoder. This vulnerability appeared while
converting a malicious JPEG file to BPG.

The problem seems to be line 717 in function image_alloc. Due to the
missing check, value of img->data[i] could be NULL and crash the program.

Unfortunately, I don't have access to the reproducer.

Best Regards,

-- 
Andrej Nemec, Red Hat Product Security
3701 3214 E472 A9C3 EFBE 8A63 8904 44A1 D57B 6DDA




Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ