oss-sec mailing list archives
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd
From: cve-assign () mitre org
Date: Wed, 13 Jul 2016 14:11:34 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://github.com/libgd/libgd/issues/247#issuecomment-232084241 a read out-of-bound
AddressSanitizer: heap-buffer-overflow READ of size 4
The problem is https://github.com/libgd/libgd/blob/gd-2.2.2/src/gd_tga.c#L102. In this case tga->bits == TGA_BPP_8 && tga->alphabits == 1, but the code in the if body assumes tga->bits == TGA_BPP_32. The comment above the respective code block already hints, that this combination is not supported. The condition is supposed to be: } else if (tga->bits == TGA_BPP_32 && tga->alphabits) {
https://github.com/libgd/libgd/commit/10ef1dca63d62433fda13309b4a228782db823f7
the libgd developers confirmed that this issue is not the same as CVE-2016-6132
Use CVE-2016-6214. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXhoP0AAoJEHb/MwWLVhi2CXgP/0BrhP3KJ9rAB74j3KghawYu 7sVjfO28PWfCd4aEhor1/T4UFWU7u2LWJ2uBfMG+aDbUOn3WHezSo1+6HreoJmRn X95QK52iQ7/+9ZcO0+AqbRkiP/ZhkRBq9q5jzfSDSBKwPwgc+wkYj3CvaSD9f1A7 zqJ2+y65l1jceyc/ytmFM4vA0vfRVKwaNCrYCYTVxfqPUoSZqsOTpp3yoj0l4kZM MJs7fVPbkeyWK+5S80VgSMSMoRAezackJq3GiTnonbnNn6Zxy8dX0of0eRxfzBVZ o6EhPWcawE49oOdo50GSWAN+CkPj+HMlT427/DWyvNpcuugxKlEx9eEefzSKdLAW RqUJde6c3np/tWp0Vl3DMxQEsUojUX1MV294uixvGlh5M4FUmbir/OF8kyEsjRJ1 6ZfoJRaI/JOGTbaEHOy1qjH4FoOXmDUGnDccUs6fv834UOrPVK9vNXlql++8nPxh JPHDkjv2ZO+MEV+m4EZM7FdA03oK5Hum3qWvnsmqbHMSMfCMQgUcfustMVsEreJF t5DT04HRFGVfk4DcYMu17bdyPQNPhsfqP9Dx34cHp8FYJ5M/1h9nzjFmKWyf2Tqw 39ua05QjA7VNx/m3XQBnMwKQAGfhKzoQger0mbMPO+E9fENh3PmzWJO02xtkrQAZ iHWVDcQfP5wIpp/QdtCm =W+Ut -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd Gustavo Grieco (Jul 13)
- Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd cve-assign (Jul 13)