Description:
zziplib is an intentionally lightweight library that offers the ability to easily extract data from files archived in a single zip file.
A fuzz on it discovered an a NULL pointer access.
The complete ASan output:
# unzzipcat-seeko $FILE /tmp/portage/dev-libs/zziplib-0.13.62-r1/work/zziplib-0.13.62/zzip/fseeko.c:313: ZZIP_ENTRY *zzip_entry_findfirst(FILE *): Assertion `0 <= root && root < mapsize' failed.
Affected version:
0.13.62
Fixed version:
N/A
Commit fix:
N/A
Credit:
This bug was discovered by Agostino Sarubbo of Gentoo.
CVE:
CVE-2017-5981
Reproducer:
https://github.com/asarubbo/poc/blob/master/00161-zziplib-assertionfailure-seeko_C
Timeline:
2017-01-17: bug discovered and poked upstream
2017-02-09: blog post about the issue
2017-02-13: CVE assigned
Note:
This bug was found with American Fuzzy Lop.
Permalink:
https://blogs.gentoo.org/ago/2017/02/09/zziplib-assertion-failure-in-seeko-c
Pingback: SB17-065: Vulnerability Summary for the Week of February 27, 2017 – sec.uno