Read out of bound in TGA files #697
Comments
any comment? |
There might be a bug there, but who needs to read TGAs in … checks calendar … 2021? |
@me22bee could you upload the full test case or do you use only bug00084.c? |
yes. |
@me22bee could you attach the patched test file? Should be an easy fix. TGA is still used, indeed not for web but our targets go further than web devs :) |
I have sent a pull request and also attached the patch file here. |
Thank you @me22bee :) |
You're welcome, |
let me check with the ***@***.***, we have access :)
…On Mon, Jul 19, 2021, 2:03 PM me22bee ***@***.***> wrote:
You're welcome,
Don't you assign a CVE number to it?
@pierrejoye <https://github.com/pierrejoye>
|
any update? |
CVE-2021-38115 seems to have been assigned for this issue. |
Will a release be provided with this security fix? |
FTR the fix has been released in 2.3.3 |
hello,
this issue is showing a read out of bound for a corrupted TGA test.txt which is patched by adding some checks for `gdGetBuf`. Although the patch prevents this vulnerability from occurring, I saw that this function (`gdGetBuf`) is used in `read_header_tga` too, where there is again no check for its return value. I changed the header of the file which was used for the previous CVE-2016-6132. In fact, I changed the first byte to `ff`, which is assigned to `tga->identsize`.
file (it is a tga, not really a txt)
when I run the test with this input file ASAN shows this:
Is it showing another vulnerability?
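The check the issue text above asks about, as an added C sketch that is not libgd code and not part of the thread: the length taken from the first header byte is trusted only once the read that follows returns that many bytes. `mem_src`, `src_read` and `parse_tga_ident` are hypothetical names, and the input in `main` is constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical in-memory input, standing in for the library's I/O context. */
typedef struct { const unsigned char *data; size_t len, pos; } mem_src;
/* Copies up to `want` bytes; returns how many were actually available. */
static size_t src_read(mem_src *s, void *out, size_t want)
{
    size_t left = s->len - s->pos;
    size_t n = want < left ? want : left;
    memcpy(out, s->data + s->pos, n);
    s->pos += n;
    return n;
}

/* Reads the 18-byte TGA header plus the image ID field that follows it.
 * Returns the ID length (0..255) and sets *ident (caller frees; NULL when
 * the length is 0), or -1 when the input ends before the declared bytes. */
int parse_tga_ident(mem_src *s, unsigned char **ident)
{
    unsigned char header[18];
    size_t identsize;
    *ident = NULL;
    if (src_read(s, header, sizeof header) != sizeof header)
        return -1;                      /* truncated fixed header */
    identsize = header[0];              /* first byte = ID field length */
    if (identsize == 0)
        return 0;
    if ((*ident = malloc(identsize)) == NULL)
        return -1;
    /* Return value checked: a short read means the file is rejected. */
    if (src_read(s, *ident, identsize) != identsize) {
        free(*ident);
        *ident = NULL;
        return -1;
    }
    return (int)identsize;
}

int main(void)
{
    /* Constructed input: first byte ff as in the post, then nothing. */
    unsigned char hdr[18] = { 0xff };
    mem_src s = { hdr, sizeof hdr, 0 };
    unsigned char *ident;
    printf("%d\n", parse_tga_ident(&s, &ident));   /* file rejected */
    return 0;
}
```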