out of bound read in libraw_cxx.cpp:6158(parse_x3f) #144
Do you have a sample file that causes the crash? Also, I have not worked with CVE-ID assignment mechanics, so no way I'll do it now. Do it yourself if you need a CVE#.
Sorry, because of some security reasons, I cannot send the crash file to you. But I think this should be easy to analyze.
Yes, the stack overrun is very easy to fix: 895529f. I was interested to see the properties list parser too, and it is much easier to do with a specially crafted file on hand (normal files are parsed normally).
Followup: my fix fixes the possible stack overrun, not the out-of-bounds read. I really need a sample to fix the OOB read too.
I checked your patch and the problem still exists. My team has sent the POC to your email (info@libraw.org). Please check it out.
It is definitely not received as of the moment I am writing this (spam boxes and mail logs are checked too). Could you disclose the From: email (e.g. partially, only the left side or only the right side) for an in-depth check? I've checked the logs for the last 3 hours only.
Received, thanks.
OK, I'm on holiday now, I will check it 3 days later.
Two CVEs were assigned: CVE-2018-10529 and CVE-2018-10528.
Thanks a lot. I'm not a CVE-ID-assignment master. To be reflected in the Changelog on the 0.18.10 release (waiting for @Edward-L confirmation).
Could you attach the POC for tests in old versions that will be patched? Thanks!
See above: @Edward-L does not want to disclose that for some security reasons: #144 (comment)
I think you have fixed it. I have not found any problems until now. Thanks.
OK, 0.18 updated too: f2fe201. Tarballs on the main site are also updated: https://www.libraw.org/download @carnil, what should I do with the CVEs?
GET_PROPERTY_TABLE in the x3f_load_property_list function gets a large name_offset and value_offset; the program will crash in the parse_x3f function's utf2char(P[i].name, name) and utf2char(P[i].value, value) when it accesses an unreadable address.
Please assign a CVE-ID, thank you!
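
The failure mode reported in this issue (file-supplied name_offset and value_offset turned into pointers that utf2char then reads) can be guarded against as in the following added example. It is not LibRaw's code and not the fix from the commits referenced in the thread; all type and function names are hypothetical, and it assumes the offsets count UTF-16 code units into a data block of known length.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical entry layout: offsets count UTF-16 code units into the data block. */
typedef struct { uint32_t name_offset, value_offset; } prop_entry;

/* Return data+off only if off is in range and a NUL terminator lies inside the block. */
static const uint16_t *checked_utf16(const uint16_t *data, size_t count, uint32_t off)
{
    for (size_t i = off; i < count; i++)
        if (data[i] == 0) return data + off;
    return NULL; /* off >= count, or the string runs past the end of the block */
}

/* Bounded narrowing copy (dstsz >= 1): always terminates, returns characters written. */
static int utf16_to_char(const uint16_t *src, char *dst, size_t dstsz)
{
    size_t n = 0;
    for (; src[n] != 0 && n + 1 < dstsz; n++)
        dst[n] = (char)src[n];
    dst[n] = '\0';
    return (int)n;
}

/* Returns the decoded name length, or -1 if either offset fails validation. */
int read_property(const uint16_t *data, size_t count, const prop_entry *e,
                  char *name, size_t namesz, char *value, size_t valuesz)
{
    const uint16_t *n = checked_utf16(data, count, e->name_offset);
    const uint16_t *v = checked_utf16(data, count, e->value_offset);
    if (n == NULL || v == NULL || namesz == 0 || valuesz == 0)
        return -1;
    utf16_to_char(v, value, valuesz);
    return utf16_to_char(n, name, namesz);
}

/* Constructed sample block: "ISO\0", "100\0", then an unterminated "XY". */
static const uint16_t SAMPLE[] = {'I','S','O',0,'1','0','0',0,'X','Y'};

/* Resolve one entry against SAMPLE; the name buffer is short to show truncation. */
int check_sample(uint32_t name_off, uint32_t value_off)
{
    char name[3], value[8];
    prop_entry e = { name_off, value_off };
    return read_property(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], &e,
                         name, sizeof name, value, sizeof value);
}
```

An entry is rejected both when an offset lies outside the block and when it lies inside but the string has no terminator before the block ends, since either case would make an unbounded reader walk off the buffer.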