oss-sec mailing list archives
Re: CVE-2019-2201: libjpeg-turbo: code execution
From: pgajdos <pgajdos () suse cz>
Date: Tue, 12 Nov 2019 13:17:50 +0100
On Mon, Nov 11, 2019 at 05:49:45PM +0100, Wolfgang Frisch wrote:
Program received signal SIGSEGV, Segmentation fault. 0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6 (gdb) bt #0 0x00007ffff7d44d9d in __memset_avx2_erms () from /lib64/libc.so.6 #1 0x0000555555558f7a in memset (__len=18446744071562074395, __ch=127, __dest=<optimized out>) at /usr/include/bits/string_fortified.h:71 #2 decomp (srcBuf=0x0, jpegBuf=0x7fffffffd8e0, jpegSize=0x7fffffffd8e8, dstBuf=<optimized out>, w=26755, h=26755, subsamp=2, jpegQual=0, fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755", tilew=26755, tileh=26755) at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:174 #3 0x0000555555557103 in decompTest (fileName=0x7fffffffdfaa "CVE-2019-2201-reproducer-SEGFAULT-26755x26755") at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:712 #4 main (argc=<optimized out>, argv=<optimized out>) at /usr/src/debug/libjpeg-turbo-2.0.3-56.1.x86_64/tjbench.c:1003We identified that it crashed on writing to a libc.so mapping.
https://github.com/libjpeg-turbo/libjpeg-turbo/issues/388 Petr
Current thread:
- CVE-2019-2201: libjpeg-turbo: code execution Wolfgang Frisch (Nov 11)
- Re: CVE-2019-2201: libjpeg-turbo: code execution pgajdos (Nov 12)