[Security] heap-buffer-overflow of export.c in function export_tga #53
Comments
CVE-2021-30498 is assigned for this issue.
This is due to the fact that the images in the POC have a size of 0x0 and thus, when exporting, no data is written for the image bits.
These were all caused by sprintf() appending a null char that was not actually used. Fixes CVE-2021-30498 and CVE-2021-30499.
I believe this is fixed in libcaca v0.99.beta20.
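The cause named in the comments above (sprintf() appending a NUL, exposed by a 0x0 image), as an added C example that is not libcaca's code. The function names, the 18-byte header layout and the `w*h*4 + 18` buffer size are assumptions for illustration, and a guard byte stands in for the out-of-bounds byte so the demo itself stays in bounds.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define TGA_HEADER 18   /* assumed: standard 18-byte TGA header */
#define GUARD 0xAA      /* marker placed just past the export size */

/* Defect pattern: each sprintf() also stores a terminating NUL after the
 * bytes it formats, so the last call writes one byte past the header. */
static unsigned char *hdr_sprintf(unsigned char *p, int w, int h)
{
    char *cur = (char *)p;
    cur += sprintf(cur, "%c%c%c", 0, 0, 2);            /* id, cmap type, image type */
    cur += sprintf(cur, "%c%c%c%c%c", 0, 0, 0, 0, 0);  /* colour map spec */
    cur += sprintf(cur, "%c%c%c%c", 0, 0, 0, 0);       /* x and y origin */
    cur += sprintf(cur, "%c%c%c%c", w & 0xff, (w >> 8) & 0xff, h & 0xff, (h >> 8) & 0xff);
    cur += sprintf(cur, "%c%c", 32, 40);               /* depth, flags; NUL lands at [18] */
    return (unsigned char *)cur;
}

/* Hardened form: store exactly 18 bytes, nothing appended. */
static unsigned char *hdr_bytes(unsigned char *p, int w, int h)
{
    const unsigned char hdr[TGA_HEADER] = { 0, 0, 2, 0, 0, 0, 0, 0, 0, 0, 0, 0,
        (unsigned char)w, (unsigned char)(w >> 8),
        (unsigned char)h, (unsigned char)(h >> 8), 32, 40 };
    memcpy(p, hdr, sizeof hdr);
    return p + sizeof hdr;
}

/* Returns 1 if the writer touched the byte just past the export size. */
static int writes_past_end(unsigned char *(*hdr)(unsigned char *, int, int), int w, int h)
{
    size_t pixels = (size_t)w * (size_t)h * 4, bytes = pixels + TGA_HEADER;
    unsigned char *buf = malloc(bytes + 1);  /* +1 guard keeps the demo in bounds */
    if (!buf) return -1;
    buf[bytes] = GUARD;
    memset(hdr(buf, w, h), 0x7f, pixels);    /* stand-in for pixel data */
    int hit = buf[bytes] != GUARD;
    free(buf);
    return hit;
}

int main(void)
{
    printf("sprintf 0x0=%d 2x2=%d\n", writes_past_end(hdr_sprintf, 0, 0), writes_past_end(hdr_sprintf, 2, 2));
    printf("bytes   0x0=%d 2x2=%d\n", writes_past_end(hdr_bytes, 0, 0), writes_past_end(hdr_bytes, 2, 2));
    return 0;
}
```

With a non-empty image the stray NUL falls inside the pixel area and is overwritten, which is why only the 0x0 case reaches past the allocation.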
Hi libcaca Team
When I used the libfuzz test library API, I found an overflow error. Here are the steps to reproduce and my running environment.
System info:
Ubuntu 20.04: clang 10.0.0, gcc 9.3.0
Fedora 33: clang 11.0.0, gcc 10.2.1
libcaca version e4968ba
Verification steps:
1. Get the source code of libcaca
2. Compile the libcaca.so library
$ cd libcaca
$ ./bootstrap
$ ./configure
$ make
or
3. Create the poc_tga.cc && build
4. Compile poc_tga.cc
5. Run poc_tga
asan info: