Category Archives: security

graphicsmagick: use-after-free in ReadWMFImage (wmf.c)

Description: graphicsmagick is a collection of tools and libraries for many image formats. The complete ASan output of the issue: # gm convert -negate -clip $FILE out ==24889==ERROR: AddressSanitizer: heap-use-after-free on address 0x60c0000005c0 at pc 0x7fca38d0da52 bp 0x7ffc6119c090 sp 0x7ffc6119c088 …

Posted in advisories, security | 1 Comment

graphicsmagick: use-after-free in CloseBlob (blob.c)

Description: graphicsmagick is a collection of tools and libraries for many image formats. The complete ASan output of the issue: # gm identify $FILE ==20404==ERROR: AddressSanitizer: heap-use-after-free on address 0x6230000053c0 at pc 0x7fc01a253357 bp 0x7fffcd2d2630 sp 0x7fffcd2d2628 READ of size …

mpg123: global buffer overflow in III_i_stereo (layer3.c)

Description: mpg123 is a fast console MPEG Audio Player and decoder library. The complete ASan output of the issue: # mpg123-mpg123 -t $FILE ==10588==ERROR: AddressSanitizer: global-buffer-overflow on address 0x7f01025c5cbc at pc 0x7f010229bfe3 bp 0x7ffc988ac5b0 sp 0x7ffc988ac5a8 READ of size 4 …

xar: NULL pointer dereference in xar_get_path (util.c)

Description: xar is an easily extensible archive format. The complete ASan output of the issue: # xar -t -f $FILE ==5525==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x7f075cfb35f6 bp 0x7fff705167b0 sp 0x7fff70515f38 T0) ==5525==The signal is caused by a …

xar: NULL pointer dereference in xar_unserialize (archive.c)

Description: xar is an easily extensible archive format. The complete ASan output of the issue: # xar -t -f $FILE ==7615==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000008 (pc 0x7f71a859ebd6 bp 0x7fffd8ace150 sp 0x7fffd8acde80 T0) ==7615==The signal is caused by a …

lame: two UBSAN crashes

Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. A few notes before the details of this bug. Some time ago, a fuzzing run was done by Brian Carpenter and Jakub Wilk, who posted the results …

lame: multiple left shift

Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. A few notes before the details of this bug. Some time ago, a fuzzing run was done by Brian Carpenter and Jakub Wilk, who posted the results …

lame: stack-based buffer overflow in III_dequantize_sample (layer3.c)

Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. A few notes before the details of this bug. Some time ago, a fuzzing run was done by Brian Carpenter and Jakub Wilk, who posted the results …

lame: stack-based buffer overflow in III_i_stereo (layer3.c)

Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. A few notes before the details of this bug. Some time ago, a fuzzing run was done by Brian Carpenter and Jakub Wilk, who posted the results …

lame: heap-based buffer overflow in fill_buffer_resample (util.c)

Description: lame is a high quality MPEG Audio Layer III (MP3) encoder licensed under the LGPL. A few notes before the details of this bug. Some time ago, a fuzzing run was done by Brian Carpenter and Jakub Wilk, who posted the results …