New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SEGV on Exiv2::PngImage::printStructure #307
Comments
|
Hi @legend-issue , could you please make the POC accessible? It seems that the link is broken. |
|
Sorry,I think it's OK now! |
|
Yes |
|
I think it's the latest code commit after I check it.I find this without fuzz.I just compile with ASAN and use some testcases. @fgeek |
|
Someone has requested a CVE identifier for this issue (not sure why), which is https://nvd.nist.gov/vuln/detail/CVE-2018-11037 |
|
I can neither reproduce this on master. @legend-issue Could you please provide us with the commit with which you build this? Otherwise I am going to close this issue. |
|
I am closing this issue, as it cannot be reproduced. |
The command line is exiv2 -pR [poc].
And I think you need to use ASAN to reproduce. Otherwise,it can't crash and it's like an information leak.
https://github.com/legend-issue/pocs/blob/master/exiv2/SEGV-0x607000010000_output__1526182114.43
The text was updated successfully, but these errors were encountered: