FS#71230 - [tifig-bin 0.2.2-1] Segmentation fault

Attached to Project: Arch Linux
Opened by Alena Novoseltseva (Nalen) - Friday, 11 June 2021, 17:18 GMT
Last edited by Antonio Rojas (arojas) - Friday, 11 June 2021, 17:36 GMT
Task Type Bug Report
Category Packages: Extra
Status Closed
Assigned To No-one
Architecture x86_64
Severity Medium
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Package: tifig-bin 0.2.2-1
Denial Of Service.

Triggered by:
./tifig -v -p PoC.heic out.jpg
Segmentation fault

Run the tifig executable with a malformed input file (.heic) as an argument, for example: ./tifig -v -p PoC.heic out.jpg. The denial of service is due to an old version of the heif lib used inside tifig: the code at itemdatabox.cpp:25 in ItemDataBox::read() allows an attacker to cause a segmentation fault and application crash via a crafted malformed HEIC file.

Reporting to vendor:

The bug was reported to the vendor's official GitHub repository (https://github.com/monostream/tifig) and there has been no response for about 3 months.
My report with additional info (PoC, ASAN-Report, GDB info): https://github.com/monostream/tifig/issues/64

Affected components:

Affected executables: tifig (uses an old version of the heif lib inside).
Affected file/line: llib/heif/Srcs/common/itemdatabox.cpp:25.
Affected function: ItemDataBox::read().
   PoC.heic (460.7 KiB)

Closed by Antonio Rojas (arojas)
Friday, 11 June 2021, 17:36 GMT
Reason for closing: Not a bug
Additional comments about closing: AUR packages are not supported
