Heap Buffer Overflow Vulnerability in Pngdefry #1
Comments
Thanks for this. I am maintaining this fork but I think you should definitely report this to the original author too (email is in the README).
Thanks for the response.
See #1. This does not fix the vulnerability when the checksums are valid. `-C` switch allows for old behaviour.
Quick workaround for now is to not ignore when the CRC32 check fails on the IHDR as it does with your example file (switch
Closing this. Invalid CRC32 no longer ignored by default. This is as per recommendation:
This issue has been addressed per your recommendation (not auto-repair bad CRC's, adding a flag to explicitly allow this), as well as the underlying cause (documented in my web page). A new version 1.2 has been put on my site.
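The behaviour the comments above settle on (reject a chunk whose CRC32 does not match instead of carrying on, with an explicit switch for the old behaviour) can be sketched as follows. This is an added example, not Pngdefry's code: `check_chunk`, `allow_bad_crc` and the status names are hypothetical, the sample bytes are constructed, and the length bounds check is an assumption added here because, as the commit message notes, a CRC check alone does not cover files whose checksums are valid.

```c
#include <stddef.h>
#include <stdint.h>

/* Result codes for this example (hypothetical names, not Pngdefry's). */
enum chunk_status { CHUNK_OK = 0, CHUNK_TRUNCATED, CHUNK_BAD_CRC };

/* Constructed sample: PNG signature followed by a 1x1 RGBA IHDR chunk. */
static const uint8_t sample_png_head[33] = {
    0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,    /* signature */
    0x00, 0x00, 0x00, 0x0D, 'I', 'H', 'D', 'R',     /* length 13, type */
    0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, /* width, height */
    0x08, 0x06, 0x00, 0x00, 0x00,                   /* depth, colour type, etc. */
    0x1F, 0x15, 0xC4, 0x89                          /* stored CRC32 */
};

static uint32_t be32(const uint8_t *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Bitwise CRC-32 as used by PNG (reflected polynomial 0xEDB88320). */
static uint32_t png_crc32(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return crc ^ 0xFFFFFFFFu;
}

/* Validate the chunk starting at buf[off]; on success store its data length. */
static enum chunk_status check_chunk(const uint8_t *buf, size_t len, size_t off,
                                     int allow_bad_crc, uint32_t *data_len)
{
    if (off > len || len - off < 12)      /* length + type + CRC fields */
        return CHUNK_TRUNCATED;
    uint32_t n = be32(buf + off);
    if (n > len - off - 12)               /* declared data must fit the buffer */
        return CHUNK_TRUNCATED;
    uint32_t stored = be32(buf + off + 8 + n);
    uint32_t actual = png_crc32(buf + off + 4, (size_t)n + 4); /* type + data */
    if (stored != actual && !allow_bad_crc)
        return CHUNK_BAD_CRC;             /* reject; never repair silently */
    *data_len = n;
    return CHUNK_OK;
}
```

The length check runs before the CRC is computed, so a chunk that declares more data than the file holds is refused whether or not bad CRCs are allowed.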
This is to report a heap overflow vulnerability in Pngdefry. This issue affects the 'process()' function of the 'pngdefry.c' source file.
Valgrind reports Invalid write of size 1 and Invalid read of size 1.
To reproduce this issue, open the 'png-file' with the Pngdefry application.
POC files attached below:
Addresssanitizer.txt
GDB.txt
png_file.txt
Valgrind.txt