FS#71229 - [tifig-bin 0.2.2-1] DoS Heap buffer overflow

Attached to Project: Arch Linux
Opened by Alena Novoseltseva (Nalen) - Friday, 11 June 2021, 17:12 GMT
Last edited by Antonio Rojas (arojas) - Friday, 11 June 2021, 17:35 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Package: tifig-bin 0.2.2-1
Denial Of Service: heap buffer overflow was discovered.

Triggered by:
./tifig -v -p PoC.heic out.jpg
Segmentation fault

Run the tifig executable with a malformed input file (.heic) as an argument, for example: ./tifig -v -p PoC.heic out.jpg. The heap buffer overflow is due to an old version of the heif lib used inside tifig; the affected code, in bitstream.cpp:109 at BitStream::extract(int, int, BitStream&), allows an attacker to cause a segmentation fault and application crash via a crafted malformed HEIC file.

Reporting to vendor:

The bug was reported to the vendor's official GitHub repository (https://github.com/monostream/tifig) and there has been no response for about 3 months.
My report with additional info (PoC, ASAN-Report, GDB info): https://github.com/monostream/tifig/issues/63

Affected components:

Affected executables: tifig (uses an old version of the heif lib inside).
Affected file/line: lib/heif/Srcs/common/bitstream.cpp:109.
Affected function: BitStream::extract(int, int, BitStream&).
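The page does not show the heif library's own bitstream code, so the following is an added illustration (not code from tifig or heif) of the kind of bounds check that turns a malformed-file overread in a bit extractor into a clean error instead of a heap overflow; the BitReader type, bitreader_extract function and the 3-byte sample buffer are all constructed here for the example.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical MSB-first bit reader over a byte buffer (not heif's BitStream). */
typedef struct {
    const uint8_t *data;
    size_t len;      /* bytes available in the buffer */
    size_t bit_pos;  /* next bit to read, counted from the MSB of data[0] */
} BitReader;

/* Extract n bits (0..32) into *out.
 * Returns 0 on success, -1 if the request is invalid or would run past the
 * end of the buffer. A crafted file that declares more data than is present
 * must fail here rather than drive a read beyond the heap allocation. */
int bitreader_extract(BitReader *r, unsigned n, uint32_t *out) {
    if (n > 32 || r->bit_pos > r->len * 8) return -1;
    size_t avail = r->len * 8 - r->bit_pos;
    if (n > avail) return -1;           /* the missing-check case: refuse */
    uint32_t v = 0;
    for (unsigned i = 0; i < n; i++) {
        size_t byte = r->bit_pos >> 3;
        unsigned bit = 7 - (r->bit_pos & 7);
        v = (v << 1) | ((r->data[byte] >> bit) & 1u);
        r->bit_pos++;
    }
    *out = v;
    return 0;
}

/* Constructed sample standing in for a truncated container box: 24 bits total. */
static const uint8_t sample[3] = {0xA5, 0x3C, 0xFF};

/* Read 12 bits (fits), then request 16 of the remaining 12 (must be refused).
 * Returns the result code of the second, oversized read: -1 expected. */
int demo(uint32_t *first, uint32_t *second) {
    BitReader r = { sample, sizeof sample, 0 };
    if (bitreader_extract(&r, 12, first) != 0) return -2; /* *first = 0xA53 */
    return bitreader_extract(&r, 16, second);
}
```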

Attachment: PoC.heic (460.7 KiB)

Closed by Antonio Rojas (arojas)
Friday, 11 June 2021, 17:35 GMT
Reason for closing: Not a bug
Additional comments about closing: AUR packages are not supported
