FS#71230 - [tifig-bin 0.2.2-1] Segmentation fault
Attached to Project: Arch Linux
Opened by Alena Novoseltseva (Nalen) - Friday, 11 June 2021, 17:18 GMT
Last edited by Antonio Rojas (arojas) - Friday, 11 June 2021, 17:36 GMT
Details
Package: tifig-bin 0.2.2-1
Denial Of Service.

Triggered by: ./tifig -v -p PoC.heic out.jpg

Segmentation fault

Run the tifig executable with a malformed input file (.heic) as an argument, for example: ./tifig -v -p PoC.heic out.jpg. The denial of service is due to an old version of the heif lib used inside tifig, which, as implemented in itemdatabox.cpp:25 at ItemDataBox::read(), allows an attacker to cause a segmentation fault and application crash via a crafted malformed HEIC file.

Reporting to vendor: The bug was reported to the vendor's official GitHub repository (https://github.com/monostream/tifig) and there has been no response for about 3 months. My report with additional info (PoC, ASAN report, GDB info): https://github.com/monostream/tifig/issues/64

Affected components:
Affected executables: tifig (uses an old version of the heif lib inside).
Affected file/line: llib/heif/Srcs/common/itemdatabox.cpp:25.
Affected function: ItemDataBox::read().
Closed by Antonio Rojas (arojas)
Friday, 11 June 2021, 17:36 GMT
Reason for closing: Not a bug
Additional comments about closing: AUR packages are not supported