Message-ID: <20150519112502.211e3f39@redhat.com>
Date: Tue, 19 May 2015 11:25:02 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Subject: Re: [oCERT-2015-006] dcraw input sanitization errors

On Mon, 11 May 2015 15:59:55 +0200
Andrea Barisani <lcars@...rt.org> wrote:

> 
> #2015-006 dcraw input sanitization errors
> 
> Description:
> 
> The dcraw photo decoder is an open source project for raw image
> parsing.
> 
> The dcraw tool, as well as several other projects re-using its code,
> suffers from an integer overflow condition which leads to a buffer
> overflow. The vulnerability concerns the 'len' variable, parsed
> without validation from opened images, used in the ljpeg_start()
> function.
> 
> A maliciously crafted raw image file can be used to trigger the
> vulnerability, causing a Denial of Service condition.
> 

Just as a heads-up: This should affect netpbm, too.
https://sourceforge.net/p/netpbm/code/HEAD/tree/advanced/converter/other/cameratopam/ljpeg.c

Although there's a check for "len" in line #37, it shouldn't trigger, as
"len" will be negative at that point.

-- 
Stefan Cornelius / Red Hat Product Security

Come talk to Red Hat Product Security at the Summit!
Red Hat Summit 2015 - https://www.redhat.com/summit/
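
Added example, not code from dcraw, netpbm or the message above: a minimal C sketch of why an upper-bound-only check on a signed length does not trigger for a negative value, next to a read routine that validates the length first. The segment layout (a 16-bit big-endian length field that counts its own two bytes), the buffer size and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SEG_BUF 0x10000 /* constructed fixed buffer size */

/* Assumed layout: 16-bit big-endian length that counts its own 2 bytes. */
static int seg_len(const unsigned char *field)
{
    return (field[0] << 8 | field[1]) - 2; /* field 0x0000 gives -2 */
}

/* Upper-bound-only test on a signed value: a negative len is accepted. */
static int weak_accepts(int len)
{
    return !(len > SEG_BUF);
}

/* Size a size_t consumer (fread, memcpy) would receive for that len. */
static size_t consumer_size(int len)
{
    return (size_t)len;
}

/* Hardened read: returns payload bytes copied, or -1 if len is rejected. */
static long read_segment(const unsigned char *in, size_t in_len,
                         unsigned char *out, size_t out_cap)
{
    if (in_len < 2) return -1;                /* no room for the field */
    int len = seg_len(in);
    if (len < 0) return -1;                   /* lower bound first */
    if ((size_t)len > out_cap) return -1;     /* destination capacity */
    if ((size_t)len > in_len - 2) return -1;  /* bytes actually present */
    memcpy(out, in + 2, (size_t)len);
    return len;
}

int main(void)
{
    static unsigned char out[SEG_BUF];
    const unsigned char bad[] = {0x00, 0x00};                /* constructed */
    const unsigned char ok[]  = {0x00, 0x05, 'a', 'b', 'c'}; /* constructed */
    int len = seg_len(bad);
    printf("len=%d weak_accepts=%d consumer_size=%zu\n",
           len, weak_accepts(len), consumer_size(len));
    printf("hardened: bad=%ld ok=%ld\n",
           read_segment(bad, sizeof bad, out, sizeof out),
           read_segment(ok, sizeof ok, out, sizeof out));
    return 0;
}
```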
