GIFLIB: memory leak in GIF2RGB
Description
giflib is a library for reading and writing GIF images. It is API and ABI compatible with libungif, which was in wide use while the LZW compression algorithm was patented.
The GIF2RGB function in gif2rgb.c allows attackers to cause a denial of service (memory leak) via a crafted file.
#gif2rgb -o out.gif $FILE
=================================================================
==124794==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1156 byte(s) in 34 object(s) allocated from:
#0 0x7f6288723bb8 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x4039bf in GIF2RGB /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:392
#2 0x404a7a in main /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:525
#3 0x7f62882c2b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
Direct leak of 34 byte(s) in 1 object(s) allocated from:
#0 0x7f6288723bb8 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
#1 0x4037d7 in GIF2RGB /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:385
#2 0x404a7a in main /home/haojun/Downloads/testopensourcecode/giflib-5.1.4/util/gif2rgb.c:525
#3 0x7f62882c2b34 in __libc_start_main (/lib64/libc.so.6+0x21b34)
SUMMARY: AddressSanitizer: 1190 byte(s) leaked in 35 allocation(s).
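An added example, not part of the original post: a small Python parser that groups the leak records of a LeakSanitizer report like the one above by their first non-interceptor frame and checks the per-site totals against the SUMMARY line. The names parse_leaks and totals_match are hypothetical, and the embedded report is the one above with source paths shortened and the last frame trimmed.

```python
import re
from collections import defaultdict

# Constructed sample: the report from this page, paths shortened, frame #3 trimmed.
REPORT = """\
==124794==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 1156 byte(s) in 34 object(s) allocated from:
    #0 0x7f6288723bb8 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x4039bf in GIF2RGB giflib-5.1.4/util/gif2rgb.c:392
    #2 0x404a7a in main giflib-5.1.4/util/gif2rgb.c:525
Direct leak of 34 byte(s) in 1 object(s) allocated from:
    #0 0x7f6288723bb8 in __interceptor_malloc ../../../../libsanitizer/asan/asan_malloc_linux.cc:62
    #1 0x4037d7 in GIF2RGB giflib-5.1.4/util/gif2rgb.c:385
    #2 0x404a7a in main giflib-5.1.4/util/gif2rgb.c:525
SUMMARY: AddressSanitizer: 1190 byte(s) leaked in 35 allocation(s).
"""

LEAK_RE = re.compile(r"^(Direct|Indirect) leak of (\d+) byte\(s\) in (\d+) object\(s\)")
FRAME_RE = re.compile(r"^\s*#\d+\s+0x[0-9a-f]+\s+in\s+(\S+)\s+(\S+)")
SUMMARY_RE = re.compile(r"^SUMMARY: \w+: (\d+) byte\(s\) leaked in (\d+) allocation\(s\)")

def parse_leaks(text):
    """Return ({(function, file:line): [bytes, objects]}, (summary_bytes, summary_objects))."""
    sites = defaultdict(lambda: [0, 0])
    summary = None
    pending = None  # (bytes, objects) of a leak record still waiting for its caller frame
    for line in text.splitlines():
        if m := LEAK_RE.match(line):
            pending = (int(m[2]), int(m[3]))
        elif (m := FRAME_RE.match(line)) and pending:
            func, loc = m[1], m[2]
            if func.lstrip("_").startswith("interceptor_"):
                continue  # sanitizer's malloc wrapper, not the allocating caller
            key = (func, loc.rsplit("/", 1)[-1])  # keep only file:line
            sites[key][0] += pending[0]
            sites[key][1] += pending[1]
            pending = None  # later frames (or a repeated stack) belong to no new record
        elif m := SUMMARY_RE.match(line):
            summary = (int(m[1]), int(m[2]))
    return dict(sites), summary

def totals_match(text):
    """True when the per-site byte and object counts add up to the SUMMARY line."""
    sites, summary = parse_leaks(text)
    total = (sum(b for b, _ in sites.values()), sum(n for _, n in sites.values()))
    return total == summary

if __name__ == "__main__":
    for (func, loc), (nbytes, nobjs) in parse_leaks(REPORT)[0].items():
        print(f"{func} {loc}: {nbytes} bytes in {nobjs} objects ({nbytes // nobjs} bytes each)")
```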
Affected version:
5.1.4
Fixed version:
N/A
Commit fix:
N/A
Credit:
ADLab of Venustech.
CVE:
N/A
Reproducer:
Timeline:
2017-04-22: bug discovered
2017-06-20: blog post about the issue
Permalink:
http://somevulnsofadlab.blogspot.com/2017/06/giflibmemory-leak-in-gif2rgb.html