Date: Tue, 19 May 2015 11:25:02 +0200 From: Stefan Cornelius <scorneli@...hat.com> To: oss-security@...ts.openwall.com Subject: Re: [oCERT-2015-006] dcraw input sanitization errors On Mon, 11 May 2015 15:59:55 +0200 Andrea Barisani <lcars@...rt.org> wrote: > > #2015-006 dcraw input sanitization errors > > Description: > > The dcraw photo decoder is an open source project for raw image > parsing. > > The dcraw tool, as well as several other projects re-using its code, > suffers from an integer overflow condition which lead to a buffer > overflow. The vulnerability concerns the 'len' variable, parsed > without validation from opened images, used in the ljpeg_start() > function. > > A maliciously crafted raw image file can be used to trigger the > vulnerability, causing a Denial of Service condition. > Just as a heads-up: This should affect netpbm, too. https://sourceforge.net/p/netpbm/code/HEAD/tree/advanced/converter/other/cameratopam/ljpeg.c Although there's a check for "len" in line #37, it shouldn't trigger, as "len" will be negative at that point. -- Stefan Cornelius / Red Hat Product Security Come talk to Red Hat Product Security at the Summit! Red Hat Summit 2015 - https://www.redhat.com/summit/
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.