Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.Sign up
CVE-2018-10922: Use of Untrusted Length Field May Lead to Denial of Service #2
If a large length (0x7fffffff) is parsed by ttembed, the following loop will run for quite a long time causing a denial of service:
for (x=length;x>0;x-=4) sum += readbe32(inways);
As readbe32 calls fgetc four times, this results in roughly 8589934588 calls to fgetc. On my computer, it takes ttembed around 13 minutes to finish looping.
Instead of looping forever, the code should fail as soon as readbe32 detects an EOF, else, the program should verify the bounds of the program and bail out when size > actual size of the file.
This has been assigned CVE-2018-10922.