oss-sec mailing list archives

CVE request: libgpf: use-after-free vulnerability in Decoder.cpp

From: "Pengsu Cheng" <pcheng () gmx com>
Date: Thu, 20 Aug 2015 00:50:19 +0200

Name : libpgf
Affected Version: <= 7.15.25
URL : http://www.libpgf.org
Summary : PGF (Progressive Graphics File) library
Description :
libPGF contains an implementation of the Progressive Graphics File (PGF)
which is a new image file format, that is based on a discrete, fast
wavelet transform with progressive coding features. PGF can be used
for lossless and lossy compression.

An use-after-free issue in Decoder.cpp was reported to upstream. The problem is due to lack of validation of 
ColorTableSize. 

The bug was fixed by upstream:
https://sourceforge.net/p/libpgf/code/147/
https://sourceforge.net/p/libpgf/code/148/

References:

[1] Bug #1251749 - Use-after-free bug in Decoder.cpp
https://bugzilla.redhat.com/show_bug.cgi?id=1251749
[2] https://admin.fedoraproject.org/updates/FEDORA-2015-13336/libpgf-6.14.12-4.fc23

Current thread:

CVE request: libgpf: use-after-free vulnerability in Decoder.cpp Pengsu Cheng (Aug 19)
- Re: CVE request: libgpf: use-after-free vulnerability in Decoder.cpp cve-assign (Aug 25)