swfcombine swf_DeleteFilter() Null-pointer access #25

Closed
lcatro opened this issue Jun 11, 2017 · 1 comment


lcatro commented Jun 11, 2017

Crash : https://raw.githubusercontent.com/lcatro/My_PoC/master/swftools/swfcombine_-t-m-G-B-v-z-f-o_dev_null_swf_DeleteFilter_44EF7C

Trigger : ./swfcombine -t -m -G -B -v -z -f -o /dev/null swftools/swfcombine_-t-m-G-B-v-z-f-o_dev_null_swf_DeleteFilter_44EF7C

Crash Detail :

```
fuzzer@ub16x64:~/fuzzing/swftools/src$ ./swfcombine -t -m -G -B -v -z -f -o /dev/null swftools/swfcombine_-t-m-G-B-v-z-f-o_dev_null_swf_DeleteFilter_44EF7C
NOTICE Combine [(null)]none and [Frame00]swftools/swfcombine_-t-m-G-B-v-z-f-o_dev_null_swf_DeleteFilter_44EF7C
NOTICE Slave file attached to named object Frame00 (1).
Reading of filter type 66 not supported yet
ASAN:SIGSEGV

==18817==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x00000040f74c bp 0x000000000000 sp 0x7ffc00e43310 T0)
#0 0x40f74b in swf_DeleteFilter (/home/fuzzer/fuzzing/swftools/src/swfcombine+0x40f74b)
#1 0x40a18c in enumerateUsedIDs (/home/fuzzer/fuzzing/swftools/src/swfcombine+0x40a18c)
#2 0x40a99d in swf_GetNumUsedIDs (/home/fuzzer/fuzzing/swftools/src/swfcombine+0x40a99d)
#3 0x40ab1a in swf_Relocate (/home/fuzzer/fuzzing/swftools/src/swfcombine+0x40ab1a)
#4 0x404346 in normalcombine (/home/fuzzer/fuzzing/swftools/src/swfcombine+0x404346)
#5 0x404857 in combine (/home/fuzzer/fuzzing/swftools/src/swfcombine+0x404857)
#6 0x405584 in main (/home/fuzzer/fuzzing/swftools/src/swfcombine+0x405584)
#7 0x7ffa9aea682f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2082f)
#8 0x401e48 in _start (/home/fuzzer/fuzzing/swftools/src/swfcombine+0x401e48)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV ??:0 swf_DeleteFilter
==18817==ABORTING
```
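
The trace above pairs a "filter type 66 not supported yet" notice with a SEGV on address 0 inside swf_DeleteFilter, i.e. the filter reader gives back a null pointer for an unsupported type and the delete routine dereferences it. The following is an added, self-contained C model of that failure pattern, not swftools' own code: the struct, function names, byte layout and the two constructed inputs are assumptions for illustration. It shows the unchecked delete that crashes on NULL next to a NULL-aware delete and a list walk that stops cleanly when a filter cannot be parsed.

```c
/* Added example, not swftools' code: minimal model of a PLACEOBJECT3-style
 * filter-list walk where the reader returns NULL for an unsupported type.
 * All names and the byte layout below are assumptions for illustration. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>

#define FILTERTYPE_DROPSHADOW 0
#define FILTERTYPE_BLUR       1

typedef struct { uint8_t type; float strength; } FILTER;

/* Cursor over a tag body (assumed layout: one byte per field). */
typedef struct { const uint8_t *p; size_t len; size_t pos; } TAG;

static int get_u8(TAG *t, uint8_t *out) {
    if (t->pos >= t->len) return 0;   /* bounds check: truncated tag */
    *out = t->p[t->pos++];
    return 1;
}

/* Returns a heap FILTER, or NULL for an unknown type or truncated input. */
static FILTER *read_filter(TAG *t) {
    uint8_t id, arg;
    if (!get_u8(t, &id)) return NULL;
    if (id != FILTERTYPE_DROPSHADOW && id != FILTERTYPE_BLUR) {
        fprintf(stderr, "Reading of filter type %u not supported yet\n", id);
        return NULL;                  /* the NULL the crash starts from */
    }
    if (!get_u8(t, &arg)) return NULL;
    FILTER *f = calloc(1, sizeof *f);
    if (!f) return NULL;
    f->type = id;
    f->strength = arg / 255.0f;
    return f;
}

/* Vulnerable pattern: reads f->type before freeing. Called with the NULL
 * that read_filter returns for type 66, this is the SEGV in the trace. */
void delete_filter_unchecked(FILTER *f) {
    if (f->type == FILTERTYPE_DROPSHADOW) { /* type-specific cleanup */ }
    free(f);
}

/* Hardened: tolerate NULL the way free() itself does. */
void delete_filter(FILTER *f) {
    if (!f) return;
    if (f->type == FILTERTYPE_DROPSHADOW) { /* type-specific cleanup */ }
    free(f);
}

/* Walk a filter list (count byte, then filters). Returns the number of
 * filters read, or -1 if one could not be parsed so the caller stops. */
int enumerate_filters(const uint8_t *buf, size_t len) {
    TAG t = { buf, len, 0 };
    uint8_t num;
    if (!get_u8(&t, &num)) return -1;
    for (int i = 0; i < num; i++) {
        FILTER *f = read_filter(&t);
        if (!f) return -1;            /* the check the crash shows missing */
        delete_filter(f);
    }
    return num;
}

/* Constructed inputs: a valid two-filter list, and one declaring the
 * unsupported filter type 66 (0x42) named in the issue. */
const uint8_t GOOD_LIST[] = { 2, FILTERTYPE_BLUR, 0x80, FILTERTYPE_DROPSHADOW, 0x10 };
const uint8_t BAD_LIST[]  = { 1, 66, 0x00 };

int main(void) {
    printf("good list: %d filters\n", enumerate_filters(GOOD_LIST, sizeof GOOD_LIST));
    printf("type-66 list: %d (rejected)\n", enumerate_filters(BAD_LIST, sizeof BAD_LIST));
    return 0;
}
```

Either fix alone closes the crash: checking the reader's return value in the loop, or making the delete routine NULL-safe. Doing both is the usual choice for a parser that feeds a tool like swfcombine with untrusted input, since a future caller may still hand the delete routine a NULL.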

galaktipus commented

Is there a commit for the related CVE-2017-11096?
