This repository has been archived by the owner on Jan 15, 2019. It is now read-only.

Out-of-bound write #10

Open
D4rkD0g opened this issue Oct 23, 2018 · 4 comments

Comments


D4rkD0g commented Oct 23, 2018

sirius@lambda:~/Desktop/stegdetect-master$ valgrind ./stegdetect -tF ../crashes/id:000001,sig:11,src:000000,op:flip1,pos:297
==91335== Memcheck, a memory error detector
==91335== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==91335== Using Valgrind-3.11.0 and LibVEX; rerun with -h for copyright info
==91335== Command: ./stegdetect -tF ../crashes/id:000001,sig:11,src:000000,op:flip1,pos:297
==91335==
==91335== Invalid write of size 4
==91335== at 0x40ACF5: f5_compress (f5.c:126)
==91335== by 0x40BE79: detect_f5 (f5.c:505)
==91335== by 0x4067C7: detect (stegdetect.c:1213)
==91335== by 0x402087: main (stegdetect.c:1568)
==91335== Address 0x80 is not stack'd, malloc'd or (recently) free'd
==91335==
==91335==
==91335== Process terminating with default action of signal 11 (SIGSEGV): dumping core
==91335== Access not within mapped region at address 0x80
==91335== at 0x40ACF5: f5_compress (f5.c:126)
==91335== by 0x40BE79: detect_f5 (f5.c:505)
==91335== by 0x4067C7: detect (stegdetect.c:1213)
==91335== by 0x402087: main (stegdetect.c:1568)
==91335== If you believe this happened as a result of a stack
==91335== overflow in your program's main thread (unlikely but
==91335== possible), you can try to increase the size of the
==91335== main thread stack using the --main-stacksize= flag.
==91335== The main thread stack size used in this run was 8388608.
==91335==
==91335== HEAP SUMMARY:
==91335== in use at exit: 143,896 bytes in 79 blocks
==91335== total heap usage: 83 allocs, 4 frees, 150,144 bytes allocated
==91335==
==91335== LEAK SUMMARY:
==91335== definitely lost: 108,664 bytes in 3 blocks
==91335== indirectly lost: 0 bytes in 0 blocks
==91335== possibly lost: 0 bytes in 0 blocks
==91335== still reachable: 35,232 bytes in 76 blocks
==91335== suppressed: 0 bytes in 0 blocks
==91335== Rerun with --leak-check=full to see details of leaked memory
==91335==
==91335== For counts of detected and suppressed errors, rerun with: -v
==91335== ERROR SUMMARY: 1 errors from 1 contexts (suppressed: 0 from 0)
Segmentation fault


the PoC
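Reading the trace: Valgrind reports a 4-byte store to the absolute address 0x80, which is neither stack, heap nor a mapped page. A small absolute address like that is the classic signature of a write through a NULL base pointer plus a field or array-element offset, which is why the same frame shows up again under "Access not within mapped region". The block below is an added illustration of that failure mode and of the check that prevents it; it is not code from stegdetect's f5.c, and the struct, field names and lookup function are hypothetical, chosen only so the written field lands at offset 0x80.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Added illustration, not stegdetect's own code.  Valgrind's
 * "Invalid write of size 4 ... Address 0x80 is not stack'd, malloc'd
 * or (recently) free'd" commonly means a 4-byte store through a base
 * pointer that is NULL, 0x80 being the offset of the member written.
 * The struct below is hypothetical and sized so `counter` sits at 0x80.
 */
struct coeff_table {
    int32_t hist[32];   /* 32 * 4 = 128 = 0x80 bytes */
    int32_t counter;    /* offset 0x80 */
};

/* Hypothetical lookup that can fail: returns NULL for an id out of range. */
static struct coeff_table *lookup_table(struct coeff_table *tables, size_t n, int id)
{
    if (id < 0 || (size_t)id >= n)
        return NULL;
    return &tables[id];
}

/* Unchecked version: an out-of-range id taken from attacker-controlled
 * file data becomes a store to absolute address 0x80 and a SIGSEGV,
 * matching the shape of the trace above. */
int bump_counter_unchecked(struct coeff_table *tables, size_t n, int id)
{
    struct coeff_table *t = lookup_table(tables, n, id);
    t->counter++;          /* NULL + 0x80 -> "Invalid write of size 4" at 0x80 */
    return 0;
}

/* Hardened version: validate the lookup before the store and report
 * malformed input to the caller instead of dereferencing NULL. */
int bump_counter_checked(struct coeff_table *tables, size_t n, int id)
{
    struct coeff_table *t = lookup_table(tables, n, id);
    if (t == NULL)
        return -1;
    t->counter++;
    return 0;
}

/* Byte offset Valgrind would report when the base pointer is NULL. */
size_t counter_offset(void)
{
    return offsetof(struct coeff_table, counter);
}

/* Scenario helper: four zeroed tables, one checked bump on `id`.
 * Returns the resulting counter, or -1 if the id was rejected. */
int32_t scenario_checked_bump(int id)
{
    struct coeff_table tables[4];
    memset(tables, 0, sizeof tables);
    if (bump_counter_checked(tables, 4, id) != 0)
        return -1;
    return tables[id].counter;
}

int main(void)
{
    printf("counter field offset: 0x%zx\n", counter_offset());
    printf("checked bump, id 2 (valid): %d\n", scenario_checked_bump(2));
    printf("checked bump, id 7 (out of range): %d\n", scenario_checked_bump(7));
    /* bump_counter_unchecked(tables, 4, 7) would reproduce the SIGSEGV */
    return 0;
}
```

When triaging a report like this one, confirm the hypothesis by inspecting the faulting instruction's base register in a debugger: a zero base and a displacement equal to the reported address means a missing NULL check on the pointer, not a classic buffer overrun, which changes both the fix and the severity assessment.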


fgeek commented Oct 24, 2018

CVE-2018-18599 has been assigned for this issue. @D4rkD0g Thank you for your work. Btw you should minimize crashing samples. Sample minimized with afl-tmin 2.52b here: CVE-2018-18599.jpeg.zip

cbc06736f17753db5b3a5f6544d9777a37bacd63 CVE-2018-18599.jpeg
aa5eea508b6cddb4ed3e89ecb7b6650cab398aff CVE-2018-18599.jpeg.zip

@D4rkD0g D4rkD0g closed this as completed Oct 24, 2018

fgeek commented Oct 24, 2018

@D4rkD0g why did you close this issue report?


D4rkD0g commented Oct 24, 2018

@fgeek I'm SORRY for my mishandling, I thought it was notified by the developer.
I'll reopen it and get your suggestions. Thank you 😀

@D4rkD0g D4rkD0g reopened this Oct 24, 2018
abeluck (Owner) commented Oct 31, 2018

Thank you for finding this bug.

However this is merely a code-mirror of an unmaintained research project. I won't be acting on this report.

As such, I've added a disclaimer to the top of the README and will leave this issue open as a signpost to future developers (if they ever wander here).
