Closed
The following vulnerability has been reported to the Red Hat issue tracker:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20546
https://bugzilla.redhat.com/show_bug.cgi?id=1652622
./img2txt POC1
version: libcaca0.99beta19
Summary:
There is an illegal READ memory access at caca/dither.c:1347 (function: get_rgba_default) in the latest version of libcaca.
Description:
The asan debug is as follows:
```
$ ./img2txt POC1
=================================================================
==28249==ERROR: AddressSanitizer: SEGV on unknown address 0x7f88ae6a7004 (pc 0x7f88b2b37857 bp 0x000000000042 sp 0x7ffe82454ed0 T0)
==28249==The signal is caused by a READ memory access.
    #0 0x7f88b2b37856 in get_rgba_default /home/company/real/libcaca-master/caca/dither.c:1347
    #1 0x7f88b2b3aa16 in caca_dither_bitmap /home/company/real/libcaca-master/caca/dither.c:1009
    #2 0x55688cdba96e in main /home/company/real/libcaca-master/src/img2txt.c:210
    #3 0x7f88b27581c0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x211c0)
    #4 0x55688cdbaf09 in _start (/home/company/real/libcaca-master/install_asan/bin/img2txt+0x2f09)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/company/real/libcaca-master/caca/dither.c:1347 in get_rgba_default
==28249==ABORTING
```
Confirmed in f1267fb. Minimized sample CVE-2018-20546.zip with afl-tmin (SHA1: b50dccc3ebb25dd13256fc5e59bed2fcd19cc0e4)
```
00000000  42 4d 30 30 30 30 30 30  30 30 76 00 00 00 28 00  |BM00000000v...(.|
00000010  00 00 00 00 01 00 00 00  01 00 01 00 04 00 00 00  |................|
*
00000021
```
Compiler optimization might affect results.
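
A header sanity check run over the bytes in the hexdump above, added here as an example (it is not libcaca's code or its fix). It assumes the standard BMP field layout and treats width and height as unsigned; the function names are hypothetical, and the report does not say which field leads to the read in get_rgba_default.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First 32 bytes of the minimized sample, copied from the hexdump in the report. */
static const uint8_t SAMPLE[32] = {
    0x42, 0x4d, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x30, 0x76, 0x00, 0x00, 0x00, 0x28, 0x00,
    0x00, 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x01, 0x00, 0x01, 0x00, 0x04, 0x00, 0x00, 0x00,
};
#define SAMPLE_FILE_LEN 0x21u /* final offset printed by the hexdump */
struct bmp_hdr { uint32_t off_bits, width, height; uint16_t planes, bpp; };

static uint32_t le32(const uint8_t *p)
{ return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24; }
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Decode the fields held in the first 30 bytes. Returns 0 on success, -1 otherwise. */
int bmp_parse(const uint8_t *buf, size_t len, struct bmp_hdr *h)
{
    if (len < 30 || buf[0] != 'B' || buf[1] != 'M') return -1;
    h->off_bits = le32(buf + 0x0a); /* where the header says pixel data starts */
    h->width    = le32(buf + 0x12);
    h->height   = le32(buf + 0x16);
    h->planes   = le16(buf + 0x1a);
    h->bpp      = le16(buf + 0x1c);
    return 0;
}

/* Bytes per row, padded to a 4-byte boundary. */
uint64_t bmp_stride(const struct bmp_hdr *h)
{ return (((uint64_t)h->width * h->bpp + 31) / 32) * 4; }

/* 1 if a file of file_len bytes can hold the pixel data the header claims, else 0. */
int bmp_size_ok(const struct bmp_hdr *h, uint64_t file_len)
{
    if (!h->width || !h->height || !h->bpp || h->off_bits > file_len) return 0;
    /* Divide instead of multiplying so stride * height cannot overflow. */
    return h->height <= (file_len - h->off_bits) / bmp_stride(h);
}

int main(void)
{
    struct bmp_hdr h;
    if (bmp_parse(SAMPLE, sizeof SAMPLE, &h) != 0) return 1;
    printf("%ux%u px, %u bpp, data at %u, file %u bytes -> %s\n", (unsigned)h.width, (unsigned)h.height,
           (unsigned)h.bpp, (unsigned)h.off_bits, SAMPLE_FILE_LEN, bmp_size_ok(&h, SAMPLE_FILE_LEN) ? "ok" : "reject");
    return 0;
}
```

The sample's header claims a 65536 x 65536 image at 4 bits per pixel with pixel data starting at offset 0x76, while the file itself ends at 0x21, so the check rejects it before any pixel is read.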