Two bugs in jpeg encoding #87
Yes, thank you. Those two issues are fixed - on this particular input. One problem was that the input bitmap hook could not report an error if requesting or releasing a bitmap did not work. This has been fixed and the code was extended to collect such error codes to the caller. However, please note that the example code in the "cmd" directory is not particularly robust, and does not attempt to constitute a robust implementation. If the code is required to operate in a hostile environment, the bitmap hook implementation needs to sanitize its input as the library encoder (not the decoder!) operates under the assumption that input data is valid (i.e. "garbage-in garbage-out"). If that cannot be assumed, the bitmap hook is required to perform such validation, and generate an error (or fix the data).
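As an added illustration of the maintainer's point above (this is not code from the libjpeg project and does not use its real hook API; the `Bitmap`, `Request` structures, the `bitmap_request` hook and the `HOOK_*` error codes are all assumed here), this is what "the bitmap hook performs the validation and generates an error" looks like in practice: before handing the encoder a pointer into the caller's buffer, the hook checks that the bitmap's own metadata is consistent with the buffer it was given, that the size arithmetic cannot overflow, and that the requested region and component lie inside the bitmap, returning an error code instead of an out-of-bounds pointer.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical bitmap description handed to the hook; not the library's structure. */
typedef struct {
    uint8_t *pixels;      /* interleaved 8-bit samples, row-major */
    uint32_t width;
    uint32_t height;
    uint32_t components;  /* e.g. 3 for RGB */
    size_t   length;      /* bytes actually allocated behind pixels */
} Bitmap;

/* Hypothetical shape of a region request: half-open rectangle, one component. */
typedef struct {
    uint32_t x0, y0, x1, y1;
    uint32_t component;
} Request;

/* Hypothetical error codes the hook reports back to the caller. */
enum {
    HOOK_OK            =  0,
    HOOK_ERR_NULL      = -1,
    HOOK_ERR_COMPONENT = -2,
    HOOK_ERR_RANGE     = -3,
    HOOK_ERR_OVERFLOW  = -4,
    HOOK_ERR_BUFFER    = -5
};

/* Check that the bitmap's metadata is self-consistent and fits its buffer. */
int bitmap_validate(const Bitmap *bm) {
    if (bm == NULL || bm->pixels == NULL) return HOOK_ERR_NULL;
    if (bm->width == 0 || bm->height == 0 || bm->components == 0) return HOOK_ERR_RANGE;
    /* width * components * height must be computable without wrapping */
    if (bm->width > SIZE_MAX / bm->components) return HOOK_ERR_OVERFLOW;
    size_t stride = (size_t)bm->width * bm->components;
    if (bm->height > SIZE_MAX / stride) return HOOK_ERR_OVERFLOW;
    if (stride * bm->height > bm->length) return HOOK_ERR_BUFFER;
    return HOOK_OK;
}

/* The validating hook: only on success does it yield a pointer and row stride. */
int bitmap_request(const Bitmap *bm, const Request *rq, uint8_t **out, size_t *stride_out) {
    int rc = bitmap_validate(bm);
    if (rc != HOOK_OK) return rc;
    if (rq == NULL || out == NULL || stride_out == NULL) return HOOK_ERR_NULL;
    if (rq->component >= bm->components) return HOOK_ERR_COMPONENT;
    if (rq->x0 >= rq->x1 || rq->y0 >= rq->y1) return HOOK_ERR_RANGE;
    if (rq->x1 > bm->width || rq->y1 > bm->height) return HOOK_ERR_RANGE;
    size_t stride = (size_t)bm->width * bm->components;
    *out = bm->pixels + (size_t)rq->y0 * stride
                      + (size_t)rq->x0 * bm->components + rq->component;
    *stride_out = stride;
    return HOOK_OK;
}

/* Demo helper: build a constructed bitmap of the given shape and issue one request. */
int demo_request(uint32_t w, uint32_t h, uint32_t comps, size_t len,
                 uint32_t x0, uint32_t y0, uint32_t x1, uint32_t y1, uint32_t comp) {
    uint8_t *buf = calloc(len ? len : 1, 1);   /* small buffer; metadata may lie about it */
    Bitmap bm = { buf, w, h, comps, len };
    Request rq = { x0, y0, x1, y1, comp };
    uint8_t *p = NULL; size_t s = 0;
    int rc = bitmap_request(&bm, &rq, &p, &s);
    free(buf);
    return rc;
}

int main(void) {
    printf("valid 4x4x3 request:      %d\n", demo_request(4, 4, 3, 48, 0, 0, 4, 4, 0));
    printf("x1 past the width:        %d\n", demo_request(4, 4, 3, 48, 0, 0, 5, 4, 0));
    printf("component out of range:   %d\n", demo_request(4, 4, 3, 48, 0, 0, 4, 4, 3));
    printf("buffer shorter than dims: %d\n", demo_request(4, 4, 3, 40, 0, 0, 4, 4, 0));
    printf("dimensions that overflow: %d\n",
           demo_request(0xFFFFFFFFu, 0xFFFFFFFFu, 3, 16, 0, 0, 1, 1, 0));
    return 0;
}
```

The "buffer shorter than dims" and "dimensions that overflow" cases are the ones a fuzzer finds: the caller's metadata claims more pixels than were allocated, and an encoder that trusts those numbers reads or writes past the buffer. Rejecting them in the hook keeps the encoder's garbage-in assumption true.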
Two CVEs were assigned to this bug report, one for each bug: CVE-2023-37836 and CVE-2023-37837. Note: I didn't have any involvement in this assignment, I'm just posting here for reference. This seems to be the fixing commit:
Hello, I was playing with my new fuzzer and found two bugs in jpeg's encoding module.
Environment
Ubuntu 20.04, gcc 9.4.0, libjpeg latest commit db33a6e
Compile with gcc and AddressSanitizer.
Run the program with
./jpeg -p @@ /dev/null
BUG0
poc0.zip
BUG1
The stack trace is below:
poc1.zip