Monthly Archives: September 2017

binutils: heap-based buffer overflow in read_1_byte (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==3235==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x613000000512 at pc 0x7f7c93ae3c88 bp …

Posted in advisories, security | 1 Comment

binutils: NULL pointer dereference in scan_unit_for_symbols (dwarf2.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==491==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f6e3316d573 bp …

binutils: memory allocation failure in _bfd_elf_slurp_version_tables (elf.c)

Description: binutils is a set of tools necessary to build programs. This issue was initially discovered because the nm process ate ~230GB of RAM. Later on, another testcase hit the issue and now I have a stacktrace. The relevant ASan …

binutils: heap-based buffer overflow in _bfd_x86_elf_get_synthetic_symtab (elfxx-x86.c)

Description: binutils is a set of tools necessary to build programs. The complete ASan output of the issue: # nm -A -a -l -S -s --special-syms --synthetic --with-symbol-versions -D $FILE ==40547==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61a000000574 at pc 0x0000004c1ca8 bp …

graphicsmagick: assertion failure in pixel_cache.c

Description: graphicsmagick is a collection of tools and libraries for many image formats. The complete output of the issue: # gm convert $FILE null gm: magick/pixel_cache.c:1089: const PixelPacket AcquireImagePixels(const Image , const long, const long, const unsigned long, const unsigned …

bladeenc: global buffer overflow in iteration_loop (loop.c)

Description: bladeenc is an mp3 encoder. There is a write overflow by default without a crafted file in the bladeenc command-line tool. The upstream website does not work anymore for me. The complete ASan output of the issue: # bladeenc …

bento4: stack-based buffer underflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==4435==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7fe62b800e86 at pc 0x00000057b5a3 …

bento4: stack-based buffer overflow in AP4_VisualSampleEntry::ReadFields (Ap4SampleEntry.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==9052==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fc5ce900866 at pc 0x00000057b5a3 …

bento4: heap-based buffer overflow in AP4_DataBuffer::SetData (Ap4DataBuffer.cpp)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==20986==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x606000000174 at pc 0x0000004ee515 …

bento4: heap-based buffer overflow in AP4_BytesToUInt32BE (Ap4Utils.h)

Description: bento4 is a fast, modern, open source C++ toolkit for all your MP4 and MPEG DASH media format needs. The complete ASan output of the issue: # mp42aac $FILE out.aac ==1966==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x617000000324 at pc 0x000000690d51 …