Date: Thu, 20 Apr 2017 16:26:16 +0200 From: Andrej Nemec <anemec@...hat.com> To: oss-security@...ts.openwall.com Subject: CVE-2017-2575 libbpg: NULL pointer dereference in image_alloc Hello folks, While going through our assigned CVEs it was found that this one was allocated but never reported by the original researcher to the public list. I am going to list as much information as possible below. Credits for the findings go to "Meifang, Yang @VARAS of IIE". I advised the researcher to report this issue upstream, however, it seems the communication failed. A vulnerability was found while fuzzing libbpg 0.9.7. It is a NULL pointer dereference issue due to missing check of the return value of function malloc in the BPG encoder. This vulnerability appeared while converting a malicious JPEG file to BPG. The problem seems to be line 717 in function image_alloc. Due to the missing check, value of img->data[i] could be NULL and crash the program. Unfortunately, I don't have access to the reproducer. Best Regards, -- Andrej Nemec, Red Hat Product Security 3701 3214 E472 A9C3 EFBE 8A63 8904 44A1 D57B 6DDA Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.