Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

invalid memory read in SwapDWord #49

Closed
bestshow opened this issue Jun 8, 2017 · 3 comments
Closed

invalid memory read in SwapDWord #49

bestshow opened this issue Jun 8, 2017 · 3 comments

Comments

@bestshow
Copy link

@bestshow bestshow commented Jun 8, 2017

On Yerase TNEF Printer v1.9.2, an invalid memory read was found in the function SwapDWord.

#ytnefprint $FILE
=================================================================
 SEGV on unknown address 0x000000000008 (pc 0x00000052223d bp 0x7ffcf7d97890 sp 0x7ffcf7d976c0 T0)
==16379==The signal is caused by a READ memory access.
==16379==Hint: address points to the zero page.
    #0 0x52223c in SwapDWord /home/haojun/Downloads/ytnef-master/lib/ytnef.c:180:26
    #1 0x52223c in IsCompressedRTF /home/haojun/Downloads/ytnef-master/lib/ytnef.c:1479
    #2 0x52223c in MAPIPrint /home/haojun/Downloads/ytnef-master/lib/ytnef.c:1413
    #3 0x5164c2 in PrintTNEF /home/haojun/Downloads/ytnef-master/ytnefprint/main.c:169:5
    #4 0x51554a in main /home/haojun/Downloads/ytnef-master/ytnefprint/main.c:84:5
    #5 0x7f3f435d4b34 in __libc_start_main /usr/src/debug/glibc-2.17-c758a686/csu/../csu/libc-start.c:274
    #6 0x41a8db in _start (/home/haojun/Downloads/ytnef-afl-build/bin/ytnefprint+0x41a8db)

 SEGV /home/haojun/Downloads/ytnef-master/lib/ytnef.c:180:26 in SwapDWord
==16379==ABORTING

testcase: https://github.com/bestshow/p0cs/blob/master/invalid-memory-read-in_SwapDWord
Credit : ADLab of Venustech

@fgeek
Copy link

@fgeek fgeek commented Aug 3, 2017

Please use CVE-2017-12142 for this issue.

@ohwgiles
Copy link
Contributor

@ohwgiles ohwgiles commented May 31, 2018

It's not valid to call PrintTNEF on a TNEFStruct that did not correctly pass TNEFParse. Issue fixed with 35dc501

@Yeraze
Copy link
Owner

@Yeraze Yeraze commented Jul 30, 2018

@Yeraze Yeraze closed this Jul 30, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
4 participants