invalid memory read in outputSWF_TEXT_RECORD #77
Comments
In this case, Since A workaround would be to check for As far as I am aware, this issue wasn't assigned any CVE ID. I'll request one.
For the record, this issue was assigned identifier CVE-2017-16883.
I think warning and continue is more useful
fip and fip_current are static pointers to a linked list containing fonts information. This list and the two pointers are initialized and filled by saveFontInfo() (called by the outputSWF_DEFINEFONTxxxx() functions when defining new fonts). In the case where no font is defined, saveFontInfo() is never called and the two list pointers are NULL. This situation may trigger a NULL pointer dereference in outputSWF_TEXT_RECORD. In this patch, we check for !fip_current before dereferencing it. In the == NULL case, we print a warning and continue. This commit addresses CVE-2017-16883 (fixes libming#77).
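The guard described in the commit message above, as an added sketch that is not libming's code: `struct font_info`, `save_font_info()` and `output_text_record()` are hypothetical stand-ins, and the lookup of a font by ID is an assumption of this example rather than something the page states.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for the font list described in the commit message. */
struct font_info {
    int id;
    char name[32];
    struct font_info *next;
};

static struct font_info *fip = NULL;         /* list head; NULL until a font is defined */
static struct font_info *fip_current = NULL; /* font used by text records */

/* Only place the list is filled: called when a font definition record is seen. */
static int save_font_info(int id, const char *name)
{
    struct font_info *fi = calloc(1, sizeof(*fi));
    if (fi == NULL)
        return -1;
    fi->id = id;
    snprintf(fi->name, sizeof(fi->name), "%s", name);
    fi->next = fip;
    fip = fip_current = fi;
    return 0;
}

/* Text record handler. Returns 0 and copies the font name into out, or -1
 * after a warning so the caller can skip this record and keep parsing. */
static int output_text_record(int font_id, char *out, size_t outlen)
{
    struct font_info *fi;

    if (fip_current == NULL) { /* no font was ever defined: do not dereference */
        fprintf(stderr, "warning: text record uses font %d, none defined\n", font_id);
        return -1;
    }
    /* Assumption of this sketch: select the font by ID from the list. */
    for (fi = fip; fi != NULL && fi->id != font_id; fi = fi->next)
        ;
    if (fi == NULL) {
        fprintf(stderr, "warning: font %d not found, skipping record\n", font_id);
        return -1;
    }
    fip_current = fi;
    snprintf(out, outlen, "%s", fip_current->name);
    return 0;
}

int main(void)
{
    char buf[32];
    /* Constructed input: a text record arrives before any font definition. */
    return output_text_record(7, buf, sizeof(buf)) == -1 ? 0 : 1;
}
```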
On libming latest version, an invalid memory read was found in function outputSWF_TEXT_RECORD.
testcase : https://github.com/bestshow/p0cs/blob/master/invalid-memory-read-in_outputSWF_TEXT_RECORD
Credit : ADLab of Venustech