Skip to content

Similar vulnerable functions related to CVE-2017-14041 #1044

Closed
@YangY-Xiao

Description

@YangY-Xiao

There are two functions similar to vulnerable function with id CVE-2017-14041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041 with issue id (#997 ).

Below is the patch for CVE-2017-14041.
e528531
default

Below are two functions that similar to the vulnerable function.

  1. src/bin/jp3d/convert.c (pgxtovolume)
    for (s = 0; s < sliceno; s++) {
        int pos = maxslice == sliceno ? s : pgxslicepos[s];
        f = fopen(pgxfiles[pos], "rb");
        if (!f) {
            fprintf(stdout, "[ERROR] Failed to open %s for reading !\n", pgxfiles[s]);
            return NULL;
        }    
        fprintf(stdout, "[INFO] Loading %s \n", pgxfiles[pos]);

        fseek(f, 0, SEEK_SET);
        fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, &endian2,
               signtmp, &prec, temp, &w, temp, &h); 

        i = 0; 
        sign = '+'; 
        while (signtmp[i] != '\0') {
            if (signtmp[i] == '-') {
                sign = '-'; 
            }    
            i++; 
        }

default

  1. src/bin/jpwl/convert.c (pgxtoimage)
    fseek(f, 0, SEEK_SET);
    if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
               &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { 
        fprintf(stderr,
                "ERROR: Failed to read the right number of element from the fscanf() function!\n");
        fclose(f);
        return NULL;
    }

default

I think there are vulnerabilities in those two functions, too. Therefore, there should be patches for those two functions.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions