Skip to content
Branch: master
Find file History
Pull request Compare This branch is 1 commit ahead, 3 commits behind mudongliang:master.
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Permalink
Type Name Latest commit message Commit time
..
Failed to load latest commit information.
NEGATIVESIZE-input-tga.c-528-7.TGA
README.md

README.md

CVE/EDB ID

CVE-2017-9196

Experiment Environment

Ubuntu 14.04

INSTALL and Configuration

http://autotrace.sourceforge.net/

Problems in Installation and Configuration

n/a

How to trigger vulnerability

autotrace $FILE

PoC

In folder

Vulnerability Details and Patch

n/a

Root Cause

n/a

Stack Trace

==4317==ERROR: AddressSanitizer: negative-size-param: (size=-393212)
    #0 0x4b9c19 in __asan_memset /tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.0/work/compiler-rt-4.0.0.src/lib/asan/asan_interceptors.cc:457
    #1 0x7fb89cb5952e in ReadImage /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/input-tga.c:528:7
    #2 0x7fb89cb5952e in input_tga_reader /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/input-tga.c:157
    #3 0x7fb89cbdd2e9 in at_bitmap_read /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/autotrace.c:142:13
    #4 0x50da1e in main /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/main.c:133:16
    #5 0x7fb89bc38680 in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289
    #6 0x41a708 in _init (/usr/bin/autotrace+0x41a708)

0x7fb81763d800 is located 0 bytes inside of 2147188739-byte region [0x7fb81763d800,0x7fb8975f5803)
allocated by thread T0 here:
    #0 0x4d02b0 in calloc /tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.0/work/compiler-rt-4.0.0.src/lib/asan/asan_malloc_linux.cc:74
    #1 0x7fb89cbdd9e1 in at_bitmap_init /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/autotrace.c:191:2
    #2 0x7fb89cb59081 in ReadImage /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/input-tga.c:490:11
    #3 0x7fb89cb59081 in input_tga_reader /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/input-tga.c:157
    #4 0x7fb89cbdd2e9 in at_bitmap_read /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/autotrace.c:142:13
    #5 0x50da1e in main /tmp/portage/media-gfx/autotrace-0.31.1-r8/work/autotrace-0.31.1/main.c:133:16
    #6 0x7fb89bc38680 in __libc_start_main /tmp/portage/sys-libs/glibc-2.23-r3/work/glibc-2.23/csu/../csu/libc-start.c:289

SUMMARY: AddressSanitizer: negative-size-param /tmp/portage/sys-libs/compiler-rt-sanitizers-4.0.0/work/compiler-rt-4.0.0.src/lib/asan/asan_interceptors.cc:457 in __asan_memset

References

https://blogs.gentoo.org/ago/2017/05/20/autotrace-multiple-vulnerabilities-the-autotrace-nightmare/

You can’t perform that action at this time.