oss-sec mailing list archives
Re: [oCERT-2015-006] dcraw input sanitization errors
From: Stefan Cornelius <scorneli () redhat com>
Date: Tue, 19 May 2015 11:25:02 +0200
On Mon, 11 May 2015 15:59:55 +0200 Andrea Barisani <lcars () ocert org> wrote:
> #2015-006 dcraw input sanitization errors
>
> Description:
>
> The dcraw photo decoder is an open source project for raw image parsing.
>
> The dcraw tool, as well as several other projects re-using its code, suffers from an integer overflow condition which leads to a buffer overflow. The vulnerability concerns the 'len' variable, parsed without validation from opened images, used in the ljpeg_start() function.
>
> A maliciously crafted raw image file can be used to trigger the vulnerability, causing a Denial of Service condition.

Just as a heads-up: This should affect netpbm, too.

https://sourceforge.net/p/netpbm/code/HEAD/tree/advanced/converter/other/cameratopam/ljpeg.c

Although there's a check for "len" in line #37, it shouldn't trigger, as "len" will be negative at that point.

-- 
Stefan Cornelius / Red Hat Product Security

Come talk to Red Hat Product Security at the Summit!
Red Hat Summit 2015 - https://www.redhat.com/summit/
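
The pitfall described in this reply, as an added example (not part of the original message, and not the dcraw or netpbm source): an upper-bound check on a signed length does not reject negative values, so the check has to happen on the raw field before subtracting. Assumptions: a 16-bit big-endian length field that counts its own two bytes, the 255 limit in the weak check, and all function names.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Payload length read from a 4-byte marker header (tag, then length).
 * Assumption: 16-bit big-endian field that counts its own two bytes. */
static int segment_len(const uint8_t hdr[4])
{
    return (hdr[2] << 8 | hdr[3]) - 2;   /* field 0 or 1 gives -2 or -1 */
}

/* Weak form: upper bound only, on a signed int (hypothetical limit of 255).
 * Returns 1 when the segment is accepted. */
static int weak_check(const uint8_t hdr[4])
{
    return segment_len(hdr) <= 255;      /* negative lengths pass */
}

/* The byte count a read routine taking size_t would be handed. */
static size_t read_size(const uint8_t hdr[4])
{
    return (size_t)segment_len(hdr);
}

/* Hardened form: validate the raw field before subtracting, keep the
 * length unsigned, and bound it by the destination capacity. */
static int strict_check(const uint8_t hdr[4], size_t cap, size_t *out_len)
{
    unsigned field = (unsigned)hdr[2] << 8 | hdr[3];
    if (field < 2) return 0;             /* would underflow */
    if (field - 2 > cap) return 0;       /* would not fit the buffer */
    *out_len = field - 2;
    return 1;
}

int main(void)
{
    /* Constructed sample headers: marker 0xFFC4 with length fields 0 and 0x22 */
    const uint8_t bad[4] = {0xff, 0xc4, 0x00, 0x00};
    const uint8_t ok[4]  = {0xff, 0xc4, 0x00, 0x22};
    size_t n = 0;
    printf("bad: len=%d weak=%d read_size=%zu strict=%d\n", segment_len(bad),
           weak_check(bad), read_size(bad), strict_check(bad, 0x10000, &n));
    printf("ok:  len=%d weak=%d strict=%d\n", segment_len(ok),
           weak_check(ok), strict_check(ok, 0x10000, &n));
    return 0;
}
```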
Current thread:
- [oCERT-2015-006] dcraw input sanitization errors Andrea Barisani (May 11)
- Re: [oCERT-2015-006] dcraw input sanitization errors cve-assign (May 12)
- Re: [oCERT-2015-006] dcraw input sanitization errors Stefan Cornelius (May 19)