Out-Of-Bounds Read in function read_image_tga of gd_tga.c (CVE-2016-6905) #248
Comments
Please remove the

That might be a duplicate of #247. I'll have a look at it.

@vapier Tested POC and it's not a duplicate.

@oerdnj I was able to reproduce with valgrind. The file appears to be corrupt wrt. the RLE.

@cmb69 I think I have a fix, just a moment to test it.

The decoding ends with buffer overflow here:

It would be interesting to have the QuickFuzz test flow in a github repo so we can run it from time to time to validate any code changes we make before a release :)
According to http://seclists.org/oss-sec/2016/q3/363 , CVE-2016-6905 has been assigned to this issue. |
Hi, I'd like to report an OOB read issue to you. This issue can be triggered when parsing a specially crafted tga image. You can compile libgd/tests/tga/bug00084.c with AddressSanitizer to reproduce this issue. Credit to Ke Liu of Tencent's Xuanwu LAB.
Thanks.
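The RLE overrun this thread describes, as an added example that is not libgd's code: a minimal TGA RLE packet decoder that checks both the input it reads and the output it fills before every packet, exercised on constructed valid, oversized-run and truncated byte streams (the function names and sample bytes are hypothetical, not taken from gd_tga.c or the reporter's test file).

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Decode TGA run-length packets from `in` into `out`.
 * Packet header byte: bit 7 set  -> run packet, (count+1) copies of one pixel
 *                     bit 7 clear -> raw packet, (count+1) literal pixels
 * Returns bytes written, or -1 if any packet would read past the end of
 * `in` or write past the end of `out` (a decoder that trusts the header
 * count does exactly that on a crafted file). */
long tga_rle_decode(const uint8_t *in, size_t in_len,
                    uint8_t *out, size_t out_len, size_t bpp)
{
    size_t ip = 0, op = 0;
    if (bpp == 0 || bpp > 4) return -1;
    while (op < out_len) {
        if (ip >= in_len) return -1;            /* header lies beyond input */
        uint8_t hdr = in[ip++];
        size_t count = (size_t)(hdr & 0x7f) + 1;
        size_t need = count * bpp;              /* at most 128*4, no overflow */
        if (need > out_len - op) return -1;     /* packet would overrun output */
        if (hdr & 0x80) {                       /* run packet: one pixel follows */
            if (bpp > in_len - ip) return -1;
            for (size_t i = 0; i < count; i++, op += bpp)
                memcpy(out + op, in + ip, bpp);
            ip += bpp;
        } else {                                /* raw packet: `count` pixels follow */
            if (need > in_len - ip) return -1;
            memcpy(out + op, in + ip, need);
            ip += need;
            op += need;
        }
    }
    return (long)op;
}

/* Constructed 2x2 24-bit stream: run of 2 pixels, then 2 literal pixels. */
long decode_valid(void)
{
    static const uint8_t in[] = {0x81, 0x00, 0x00, 0xff,
                                 0x01, 0x00, 0xff, 0x00, 0xff, 0x00, 0x00};
    uint8_t out[12];
    return tga_rle_decode(in, sizeof in, out, sizeof out, 3);
}

/* Constructed stream whose run header (0xff) claims 128 pixels for a
 * 4-pixel output buffer: the unchecked decoder would write past `out`. */
long decode_oversized_run(void)
{
    static const uint8_t in[] = {0xff, 0x11, 0x22, 0x33};
    uint8_t out[12];
    return tga_rle_decode(in, sizeof in, out, sizeof out, 3);
}

/* Constructed raw packet announcing 2 pixels but carrying only 1. */
long decode_truncated(void)
{
    static const uint8_t in[] = {0x01, 0xaa, 0xbb, 0xcc};
    uint8_t out[12];
    return tga_rle_decode(in, sizeof in, out, sizeof out, 3);
}
```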