Closed
Description
Hi!
While I was using the tool I had some fuzz tests running in the background and I think there might be an out of bounds write bug in the webp to png converter. I compiled the tool from source using the default instructions/Makefile. I can't exactly figure out from the backtrace where the out of bounds write is happening in png2webp.c, but a rough guess would be somewhere around:
Line 499 in 0c71191
Line 504 in 0c71191
Line 505 in 0c71191
I've attached the valgrind and gdb output below with a copy of the file used to trigger the issue:
Crash file
This would possibly allow an attacker to overwrite heap memory with attacker provided data.
crash.zip