Author Archives: ago

libzip: use-after-free in _zip_buffer_free (zip_buffer.c)

Description: libzip is a library for manipulating zip archives. The relevant ASan output of the issue: # ziptool $FILE cat index ==1771==ERROR: AddressSanitizer: heap-use-after-free on address 0x6030000000d1 at pc 0x7f267d085fc1 bp 0x7ffed21f65f0 sp 0x7ffed21f65e8 READ of size 1 at 0x6030000000d1 … Continue reading

Posted in advisories, security | Leave a comment

libzip: memory allocation failure in _zip_cdir_grow (zip_dirent.c)

Description: libzip is a library for manipulating zip archives. The relevant ASan output of the issue: # ziptool $FILE cat index ==16798==ERROR: AddressSanitizer failed to allocate 0xc0a96a2000 (827476025344) bytes of LargeMmapAllocator (error code: 12) ==16798==Process memory map follows: ==16798==End of … Continue reading

Posted in advisories, security | Leave a comment

graphicsmagick: use-after-free in CloseBlob (blob.c) (INCOMPLETE FIX FOR CVE-2017-11403)

Description: graphicsmagick is a collection of tools and libraries for many image formats. After some test I realized that the fix for CVE-2017-11403 was not enough, see also: graphicsmagick: use-after-free in CloseBlob (blob.c) The complete ASan output of the issue: … Continue reading

Posted in advisories, security | 1 Comment

graphicsmagick: memory allocation failure in MagickRealloc (memory.c)

Description: graphicsmagick is a collection of tools and libraries for many image formats. The relevant ASan output of the issue: # gm convert -clip -negate $FILE out ==15168==End of process memory map. ==15168==AddressSanitizer CHECK failed: /var/tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.1/work/compiler-rt-4.0.1.src/lib/sanitizer_common/sanitizer_common.cc:120 “((0 && “unable to … Continue reading

Posted in advisories, security | Leave a comment

openjpeg: stack-based buffer overflow write in pgxtoimage (convert.c)

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -n 1 -i $FILE -o null.j2k ==159529==ERROR: AddressSanitizer: stack-buffer-overflow on address 0x7fde59900160 at pc 0x000000450bef bp 0x7ffe7641f3c0 sp 0x7ffe7641eb70 WRITE of size 36 … Continue reading

Posted in advisories, security | 2 Comments

openjpeg: invalid memory write in tgatoimage (convert.c)

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i $FILE -o null.j2k ASAN:DEADLYSIGNAL ================================================================= ==13239==ERROR: AddressSanitizer: SEGV on unknown address 0x7f4f2e9b4800 (pc … Continue reading

Posted in advisories, security | Leave a comment

openjpeg: heap-based buffer overflow in opj_t2_encode_packet (t2.c)

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -r 20,10,1 -jpip -EPH -SOP -cinema2K 24 -n 1 -i $FILE -o null.j2k TIFFReadDirectoryCheckOrder: Warning, Invalid TIFF directory; tags are not sorted in … Continue reading

Posted in advisories, security | 3 Comments

sys-kernel/grsecurity-sources available!

Is known that the grsecurity project since few weeks made available the grsecurity patches only for their customers. In the meantime some people made their fork of the latest publicly available patches. At Gentoo, for some reasons (which I respect) … Continue reading

Posted in gentoo, security | 10 Comments

openjpeg: heap-based buffer overflow in opj_write_bytes_LE (cio.c)

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -I -cinema4K -n 1 -i $FILE -o null.jp2 ==133214==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x61100000012b at pc 0x7f221efde81a bp 0x7ffd4c1d9ad0 sp 0x7ffd4c1d9ac8 WRITE of … Continue reading

Posted in advisories, security | 1 Comment

openjpeg: heap-based buffer overflow in opj_mqc_flush (mqc.c)

Description: openjpeg is an open-source JPEG 2000 library. The complete ASan output of the issue: # opj_compress -n 1 -i $FILE -o null.j2c ==81142==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000000b6 at pc 0x7fc39ca4a189 bp 0x7fff91c10aa0 sp 0x7fff91c10a98 WRITE of size 1 … Continue reading

Posted in advisories, security | 1 Comment