Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue, 12 Nov 2019 13:17:50 +0100
From: pgajdos <pgajdos@...e.cz>
To: oss-security@...ts.openwall.com
Subject: Re: CVE-2019-2201: libjpeg-turbo: code execution

On Mon, Nov 11, 2019 at 05:49:45PM +0100, Wolfgang Frisch wrote:
> > Program received signal SIGSEGV, Segmentation fault.
> > 0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6
> > (gdb) bt
> > #0  0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6
> > #1  0x0000555555558f7a in memset (__len=18446744071562074395, __ch=127, __dest=<optimized out>) at /usr/include/bits/string_fortified.h:71
> > #2  decomp (srcBuf=0x0, jpegBuf=0x7fffffffd8e0, jpegSize=0x7fffffffd8e8, dstBuf=<optimized out>, w=26755, h=26755, subsamp=2, jpegQual=0, 
> >     fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755", tilew=26755, tileh=26755) at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:174
> > #3  0x0000555555557103 in decompTest (fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755") at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:712
> > #4  main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:1003
> 
> We identified that it crashed on writing to a libc.so mapping.

https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388

Petr

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.