Invalid memory address dereference in zzip_disk_fread (in zzip/mmapped.c:721) [CVE-2018-7725] #39

Closed
@fantasy7082

Hi, this is an issue about zziplib v0.13.68. It crashed in the function zzip_disk_fread. The details are below (ASAN):

```
./unzzip-mem 001-null-p
ASAN:SIGSEGV
=================================================================
==12462==ERROR: AddressSanitizer: SEGV on unknown address 0x7ffff7fec000 (pc 0x7ffff5d450bd bp 0x62400001e100 sp 0x7fffffffdd40 T0)
    #0 0x7ffff5d450bc in inflate (/usr/local/lib/libz.so.1+0xb0bc)
    #1 0x7ffff6c65054 in zzip_disk_fread ../../zzip/mmapped.c:721
    #2 0x7ffff6c67156 in zzip_mem_disk_fread ../../zzip/memdisk.c:551
    #3 0x401696 in unzzip_mem_disk_cat_file ../../bins/unzzipcat-mem.c:52
    #4 0x401ae8 in unzzip_cat ../../bins/unzzipcat-mem.c:122
    #5 0x401f08 in unzzip_extract ../../bins/unzzipcat-mem.c:170
    #6 0x4013e3 in main ../../bins/unzzip.c:74
    #7 0x7ffff68b682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #8 0x400fa8 in _start (/usr/local/zzip-asan/bin/unzzip-mem+0x400fa8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 inflate
==12462==ABORTING
```

POC FILE: https://github.com/fantasy7082/image_test/blob/master/003-unknow-def-zip
