FLIF crash with specific image: heap-buffer-overflow #513
Comments
This issue got assigned CVE-2018-12109

Yep, looks like a duplicate to me. @fouzhe since you are fuzzing with afl you should minimize the crashing files as it's easier to analyze and use it as a test case: You need to use the AFL_TMIN_EXACT option or otherwise you might end up having a different crash as output.

Just a friendly message passing: all flif code is being removed from Debian due to open and unfixed security issues (this one as well as several others): bug 903600

Oops, thanks for the message passing, I guess I have been neglecting to maintain FLIF ever since work on JPEG XL started to get serious. Probably a bit unnecessary to still fix all the fuzzer bugs in flif; it's superseded as a codec anyway.

It's your kid, not mine

JPEG XL will certainly not handle old flif files, so yes, you'll still need flif to decode them to something cjxl can encode, if you want to convert them. Is this issue fixed with #532?

Hi, all.
This PAM image file can cause a crash.
It can cause a heap-buffer-overflow. Here is the ASAN result, and I attached the file.
Thanks.
Execute the following command:
ASAN result: