Skip to content

CVE-2018-20545 #37

Closed
Closed
@fgeek

Description

@fgeek

Following vulnerability has been reported to Red Hat issue tracker:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20545
https://bugzilla.redhat.com/show_bug.cgi?id=1652621

./img2txt POC0

version: libcaca0.99beta19
Summary: 

There is an illegal WRITE memory access at src/common-image.c:203 (function:load_image )in libcaca latest version.

Description:

The asan debug is as follows:

$./img2txt POC0

=================================================================
==28346==ERROR: AddressSanitizer: SEGV on unknown address 0x6020ffff0030 (pc 0x5643f5ff307a bp 0x603000000010 sp 0x7ffde48056e0 T0)
==28346==The signal is caused by a WRITE memory access.
    #0 0x5643f5ff3079 in load_image /home/company/real/libcaca-master/src/common-image.c:203
    #1 0x5643f5ff17c7 in main /home/company/real/libcaca-master/src/img2txt.c:171
    #2 0x7fde504511c0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x211c0)
    #3 0x5643f5ff1f09 in _start (/home/company/real/libcaca-master/install_asan/bin/img2txt+0x2f09)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/company/real/libcaca-master/src/common-image.c:203 in load_image
==28346==ABORTING

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions