Description
This was discovered by dorkerdevil (dorkerdevil@protonmail.com), who asked us to report it to you.
There is a null dereference vulnerability (denial of service) affecting gifdiff in gifsicle v1.91.
Screenshot and PoC file are attached.
Note: @@ refers to the attached PoC file. It is used twice, meaning the same PoC file is passed in both positions.
PoC:

```text
~:~/gifsicle-asan/src/gifdiffout/crashes# ../../gifdiff -w -B @@ @@
gifdiff: While reading ‘id:000022,sig:06,src:000000,op:havoc,rep:4’ frame #0:
gifdiff: error: unknown block type 102 at file offset 13
gifdiff: While reading ‘id:000022,sig:06,src:000000,op:havoc,rep:4’ frame #1:
gifdiff: error: bad graphic extension
gifdiff: While reading ‘id:000022,sig:06,src:000000,op:havoc,rep:4’ frame #0:
gifdiff: error: unknown block type 102 at file offset 13
gifdiff: While reading ‘id:000022,sig:06,src:000000,op:havoc,rep:4’ frame #1:
gifdiff: error: bad graphic extension
ASAN:SIGSEGV
==21423==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004450f8 bp 0x0c18000017f4 sp 0x7fff9f1b44b0 T0)
    #0 0x4450f7 in apply_image /root/geeknik/gifsicle-asan/src/gifdiff.c:121
    #1 0x44ab8d in compare /root/geeknik/gifsicle-asan/src/gifdiff.c:316
    #2 0x40246b in main /root/geeknik/gifsicle-asan/src/gifdiff.c:625
    #3 0x7f7821e2382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
    #4 0x4027f8 in _start (/root/geeknik/gifsicle-asan/src/gifdiff+0x4027f8)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/geeknik/gifsicle-asan/src/gifdiff.c:121 apply_image
==21423==ABORTING
```