You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This is a duplicate report of issue saitoha#166 in the original project, and both projects are affected.
Description
There is a floating point exception error in sixel_encoder_do_resize, encoder.c:610 in img2sixel 1.10.2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
Version
img2sixel 1.10.2, commit id 2855eea ( Sun Feb 6 22:12:51 2022 -0500)
Reproduction
# img2sixel -w 128 poc /tmp/foo
AddressSanitizer:DEADLYSIGNAL
=================================================================
==702171==ERROR: AddressSanitizer: FPE on unknown address 0x55555558f807 (pc 0x55555558f807 bp 0x7fffffff8b50 sp 0x7fffffff8b30 T0)
#0 0x55555558f806 in sixel_encoder_do_resize ../src/encoder.c:610
#1 0x555555590924 in sixel_encoder_encode_frame ../src/encoder.c:919
#2 0x5555555ff4da in load_gif ../src/fromgif.c:675
#3 0x5555555dfaf8 in load_with_builtin ../src/loader.c:869
#4 0x5555555e6ae0 in sixel_helper_load_image_file ../src/loader.c:1379
#5 0x555555596d70 in sixel_encoder_encode ../src/encoder.c:1695
#6 0x55555558ec7b in main ../converters/img2sixel.c:432
#7 0x7ffff71a80b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x240b2)
#8 0x55555558f26d in _start (/home/data/wdw/programs/libsixel/build_asan/bin/img2sixel+0x3b26d)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE ../src/encoder.c:610 in sixel_encoder_do_resize
==702171==ABORTING
This is a duplicate report of issue saitoha#166 in the original project, and both projects are affected.
Description
There is a floating point exception error in sixel_encoder_do_resize, encoder.c:610 in img2sixel 1.10.2. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.
Version
img2sixel 1.10.2, commit id 2855eea ( Sun Feb 6 22:12:51 2022 -0500)
Reproduction
poc.zip
Platform
The text was updated successfully, but these errors were encountered: