A heap overflow bug of png2swf.
poc: https://drive.google.com/open?id=10RJHlWpMJ0LVWyEqPpvODhH7tyKZbOsR
asan: https://drive.google.com/open?id=1XJI_XKtLFv7gRDPYKSvmAC5RI5sHL6_h
png_read_header
parameter a is a char type, and header->bpp is an int type
when a is 0x80, the header->bpp will become 0xffffff80 by the evaluate operation
swftools/src/png2swf.c
Line 179 in 54657f9
when using bpp, the pos will become a really big number, which caused the heap overflow
swftools/lib/png.c
Line 747 in 392fb1f
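The sign extension described in this issue next to a checked parse, as an added example that is not part of the original report and is not swftools code. The struct, the function names, the offset arithmetic and the sample IHDR bytes are constructed for illustration, and it is assumed that `a` holds the IHDR bit-depth byte.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-in for the header struct; only the int bpp field matters. */
struct hdr { int bpp; };

/* Constructed 13-byte IHDR payload: 16x16 image, bit-depth byte set to 0x80. */
static const uint8_t sample_ihdr[13] = {0,0,0,16, 0,0,0,16, 0x80, 2, 0, 0, 0};

/* Pattern from the report: the byte is held in a signed char, so assigning
   it to an int field sign-extends 0x80 to 0xffffff80 (-128). */
static int bpp_sign_extended(const uint8_t *ihdr)
{
    signed char a = (signed char)ihdr[8];
    struct hdr h;
    h.bpp = a;
    return h.bpp;
}

/* Illustrative index arithmetic (not the expression at png.c line 747):
   a negative bpp turns an unsigned byte offset into a huge value. */
static size_t byte_offset(int x, int bpp)
{
    return (size_t)((long long)x * bpp / 8);
}

/* Checked parse: read the byte as unsigned and accept only the bit depths
   the PNG specification defines. Returns 0 on success, -1 on rejection. */
static int parse_bpp_checked(const uint8_t *ihdr, size_t len, struct hdr *h)
{
    if (len < 13) return -1;            /* IHDR data is 13 bytes long */
    unsigned bpp = ihdr[8];
    switch (bpp) {
    case 1: case 2: case 4: case 8: case 16:
        h->bpp = (int)bpp;
        return 0;
    default:
        return -1;
    }
}

int main(void)
{
    struct hdr h = {0};
    int bad = bpp_sign_extended(sample_ihdr);
    printf("bpp=%d (0x%x) offset=%zu\n", bad, (unsigned)bad, byte_offset(10, bad));
    printf("checked parse: %d\n", parse_bpp_checked(sample_ihdr, 13, &h));
    return 0;
}
```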