Blog posts

Libquicktime: allocation failed in quicktime_read_ftyp

Description
Libquicktime is a library for reading and writing quicktime/avi/mp4 files. It provides convenient access to quicktime files with a variety of supported codecs.
An allocation failure was found in the function quicktime_read_ftyp in ftyp.c, which allows attackers to cause a denial of service via a crafted file.
#qtinfo $POC
==2703==ERROR: failed to allocate 0x1e0003000 (8053075968) bytes of LargeMmapAllocator (error code: 12)
==2703==Process memory map follows:
0x000000400000-0x0000008b5000 /home/test/Downloads/libquicktime-afl-build/bin/qtinfo
0x000000ab5000-0x000000ab6000 /home/test/Downloads/libquicktime-afl-build/bin/qtinfo
0x000000ab6000-0x000000ad2000 /home/test/Downloads/libquicktime-afl-build/bin/qtinfo
0x000000ad2000-0x000001739000
0x00007fff7000-0x00008fff7000
0x00008fff7000-0x02008fff7000
0x02008fff7000-0x10007fff8000
0x600000000000-0x604000000000
0x604000000000-0x604000010000
0x604000010000-0x604e00000000
0x604e00000000-0x604e00…

Libquicktime: allocation failed in quicktime_read_info

Description
Libquicktime is a library for reading and writing quicktime/avi/mp4 files. It provides convenient access to quicktime files with a variety of supported codecs.
An allocation failure was found in the function quicktime_read_info in lqt_quicktime.c, which allows attackers to cause a denial of service via a crafted file.
#qtinfo $POC
==2892==ERROR: failed to allocate 0x6c6d769000 (465692954624) bytes of LargeMmapAllocator (error code: 12)
==2892==Process memory map follows:
0x000000400000-0x0000008b5000 /home/test/Downloads/libquicktime-afl-build/bin/qtinfo
0x000000ab5000-0x000000ab6000 /home/test/Downloads/libquicktime-afl-build/bin/qtinfo
0x000000ab6000-0x000000ad2000 /home/test/Downloads/libquicktime-afl-build/bin/qtinfo
0x000000ad2000-0x000001739000
0x00007fff7000-0x00008fff7000
0x00008fff7000-0x02008fff7000
0x02008fff7000-0x10007fff8000
0x600000000000-0x602000000000
0x602000000000-0x602000010000
0x602000010000-0x602e00000000
0x602e00000…

ytnef: heap buffer overflow in PrintTNEF

Description
ytnef is a program to work with procmail to decode TNEF streams (winmail.dat attachments) like those created with Outlook. Unlike other similar programs, it can also create vCalendar/vCard entries from meeting requests, address cards, and task entries.
A heap buffer overflow vulnerability was found in the function PrintTNEF in main.c, which allows attackers to cause a denial of service via a crafted file.
#ytnefprint $FILE
==========================================================
heap-buffer-overflow on address 0x63200002d72d at pc 0x0000004abe30 bp 0x7ffc9f378f80 sp 0x7ffc9f378730
READ of size 85806 at 0x63200002d72d thread T0
    #0 0x4abe2f in printf_common(void*, char const*, __va_list_tag*) /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interceptors_format.inc:544
    #1 0x4acbaa in __interceptor_vprintf /home/haojun/Downloads/llvm-clang/llvm/projects/compiler-rt/lib/asan/../sanitizer_common/sanitizer_common_interce…

ytnef: allocation failed in TNEFFillMapi

Description
ytnef is a program to work with procmail to decode TNEF streams (winmail.dat attachments) like those created with Outlook. Unlike other similar programs, it can also create vCalendar/vCard entries from meeting requests, address cards, and task entries.
An allocation failure was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
#ytnefprint $FILE
==17209==ERROR: failed to allocate 0xa3dd42000 (43986984960) bytes of LargeMmapAllocator (error code: 12)
==17209==Process memory map follows:
0x000000400000-0x000000566000 /home/haojun/Downloads/ytnef-afl-build/bin/ytnefprint
0x000000766000-0x000000767000 /home/haojun/Downloads/ytnef-afl-build/bin/ytnefprint
0x000000767000-0x00000077f000 /home/haojun/Downloads/ytnef-afl-build/bin/ytnefprint
0x00000077f000-0x0000013e5000
0x00007fff7000-0x00008fff7000
0x00008fff7000-0x02008fff7000
0x02008fff7000-0x10007fff8000
0x6000000000…

ytnef: heap buffer overflow in TNEFFillMapi

Description
ytnef is a program to work with procmail to decode TNEF streams (winmail.dat attachments) like those created with Outlook. Unlike other similar programs, it can also create vCalendar/vCard entries from meeting requests, address cards, and task entries.
A heap buffer overflow vulnerability was found in the function TNEFFillMapi in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
#ytnefprint $FILE
=================================================================
heap-buffer-overflow on address 0x6020000008f8 at pc 0x000000520d34 bp 0x7ffeed1b7070 sp 0x7ffeed1b7068
WRITE of size 4 at 0x6020000008f8 thread T0
    #0 0x520d33 in TNEFFillMapi /home/haojun/Downloads/ytnef-master/lib/ytnef.c:543:18
    #1 0x51a612 in TNEFMapiProperties /home/haojun/Downloads/ytnef-master/lib/ytnef.c:396:7
    #2 0x52bca1 in TNEFParse /home/haojun/Downloads/ytnef-master/lib/ytnef.c:1184:15
    #3 0x52a3b2 in TNEFParseFile /home/haojun/Downloads/ytnef-master/lib/ytnef.c:1042:…

ytnef: invalid memory read in SwapDWord

Description
ytnef is a program to work with procmail to decode TNEF streams (winmail.dat attachments) like those created with Outlook. Unlike other similar programs, it can also create vCalendar/vCard entries from meeting requests, address cards, and task entries.
An invalid memory read vulnerability was found in the function SwapDWord in ytnef.c, which allows attackers to cause a denial of service via a crafted file.
#ytnefprint $FILE
=================================================================
SEGV on unknown address 0x000000000008 (pc 0x00000052223d bp 0x7ffcf7d97890 sp 0x7ffcf7d976c0 T0)
==16379==The signal is caused by a READ memory access.
==16379==Hint: address points to the zero page.
    #0 0x52223c in SwapDWord /home/haojun/Downloads/ytnef-master/lib/ytnef.c:180:26
    #1 0x52223c in IsCompressedRTF /home/haojun/Downloads/ytnef-master/lib/ytnef.c:1479
    #2 0x52223c in MAPIPrint /home/haojun/Downloads/ytnef-master/lib/ytnef.c:1413
    #3 0x5164c2 in PrintTNEF /home/haojun/Dow…

libming: invalid memory read in OpCode

Description
Ming is a library for generating Macromedia Flash files (.swf), written in C, and includes useful utilities for working with .swf files.
An invalid memory read vulnerability was found in function OpCode in decompile.c, which allows attackers to cause a denial of service via a crafted file.
#swftocxx $FILE out
=================================================================
SEGV on unknown address 0x60dffffffff0 (pc 0x000000566254 bp 0x2028656c696877 sp 0x7ffda7ccab50 T0)
==20555==The signal is caused by a READ memory access.
    #0 0x566253 in OpCode /home/haojun/Downloads/libming-master/util/decompile.c:868:37
    #1 0x566253 in isLogicalOp /home/haojun/Downloads/libming-master/util/decompile.c:1193
    #2 0x566253 in decompileIF /home/haojun/Downloads/libming-master/util/decompile.c:2332
    #3 0x5875eb in decompileActions /home/haojun/Downloads/libming-master/util/decompile.c:3401:6
    #4 0x5875eb in decompile5Action /home/haojun/Downloads/libming-master/util/deco…