I found an integer overflow bug in input-bmp.ci.
In function ReadImage:
https://github.com/pts/sam2p/blob/v0.49.4/input-bmp.ci#L248
width * height * 3 * sizeof (unsigned char) would integer overflow.
There are 3 places that have this problem:
https://github.com/pts/sam2p/blob/v0.49.4/input-bmp.ci#L267
https://github.com/pts/sam2p/blob/v0.49.4/input-bmp.ci#L272
https://github.com/pts/sam2p/blob/v0.49.4/input-bmp.ci#L277
Here are the PoCs which could crash sam2p:
https://drive.google.com/open?id=1c7a3zwgRdpKUgNWWPeuF2lDPrHE_EqpV
https://drive.google.com/open?id=1IwECbrc4cBieIRVB2eHs7OXqqxdN0K8D
And screenshots for ASAN:
https://drive.google.com/open?id=1gaKizGbAjcofJopUrTJab4IBFVWn8CDZ
https://drive.google.com/open?id=1UzDoewHR2pY0DQWwfU3zORhlmBftC99t
Patch method:
check width * height * 3 * sizeof (unsigned char) before calculating it
Thank you for reporting this! Fixed in b3dd820.
This issue was assigned CVE-2017-16663.
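
The check proposed in the report, sketched as an added example (not sam2p's code and not the fix in b3dd820): the size width * height * 3 is validated by division before it is computed, so no intermediate product can wrap. The function names and the MAX_IMAGE_BYTES limit are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for this example, not a value from sam2p. */
#define MAX_IMAGE_BYTES ((size_t)256 * 1024 * 1024)

/* The unchecked pattern: 32-bit unsigned arithmetic wraps silently. */
static uint32_t wrapped_rgb_size(uint32_t width, uint32_t height) {
    return width * height * 3u;
}

/* Stores width*height*3 in *out and returns 1 only when both dimensions
 * are positive and the product does not exceed limit. Uses division, so
 * no intermediate value can overflow. */
static int checked_rgb_size(int32_t width, int32_t height,
                            size_t limit, size_t *out) {
    if (width <= 0 || height <= 0) return 0;
    size_t w = (size_t)width, h = (size_t)height;
    if (h > limit / 3 / w) return 0;      /* w * h * 3 would exceed limit */
    *out = w * h * 3;
    return 1;
}

/* Allocate an RGB buffer, or return NULL for dimensions that fail the check. */
static unsigned char *alloc_rgb(int32_t width, int32_t height) {
    size_t n;
    if (!checked_rgb_size(width, height, MAX_IMAGE_BYTES, &n)) return NULL;
    return malloc(n);
}

int main(void) {
    /* Constructed header values: true size is 12885098496 bytes. */
    int32_t w = 0x10000, h = 0x10001;
    printf("wrapped 32-bit size: %u bytes\n",
           (unsigned)wrapped_rgb_size((uint32_t)w, (uint32_t)h));
    unsigned char *buf = alloc_rgb(w, h);
    printf("checked allocation: %s\n", buf ? "allocated" : "rejected");
    free(buf);
    return 0;
}
```

With the constructed dimensions, the wrapped 32-bit size is 196608 bytes, far smaller than the pixel data a decoder would then write, while the checked path refuses the allocation.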