Recent changes to 14: null pointer dereference incjpeg

#14 null pointer dereference incjpeg

Anonymous — Wed, 16 Mar 2016 22:43:33 -0000

Description has changed:

Diff:

--- old
+++ new
@@ -22,3 +22,5 @@
 gdb$ $8 = 0x92d91bc1
 gdb$ x/x 0x92d91bc1
 0x92d91bc1:    Cannot access memory at address 0x92d91bc1
+
+Aladdin Mubaied

null pointer dereference incjpeg

Anonymous — Wed, 16 Mar 2016 22:43:05 -0000

I would like to report a null pointer derefernece in libjpeg library in rdppm.c:153. here is the details:

This bug can be used to cause a denial of service attack and some cases remote code execution if the library is used in a system accepts users input.

$ /opt/libjpeg/bin/cjpeg crasher

Starting program: /opt/libjpeg/bin/cjpeg crasher

Program received signal SIGSEGV, Segmentation fault.

*#0 get_text_gray_row (cinfo=0x7fffffffe2c0, sinfo=<optimized out="">) at rdppm.c:153

1 0x0000000000401996 in main (argc=0x2, argv=0x7fffffffe618) at cjpeg.c:6**42

2 0x00007ffff7738af5 in __libc_start_main () from /lib64/libc.so.6

3 0x0000000000401e2d in _start ()

*ptr++ = rescale[read_pbm_integer(cinfo, infile)];

=> 0x407b08 <get_text_gray_row+200>: movzx esi,BYTE PTR [r13+rcx*1+0x0]

gdb$ p $r13+$rcx*1+0x0
gdb$ $8 = 0x92d91bc1
gdb$ x/x 0x92d91bc1
0x92d91bc1: Cannot access memory at address 0x92d91bc1

null pointer dereference incjpeg

Anonymous — Wed, 16 Mar 2016 22:43:05 -0000

Ticket 14 has been modified: null pointer dereference incjpeg
Edited By: Anonymous (*anonymous)
Description updated:
--- description-old

+++ description-new

@@ -22,4 +22,6 @@

gdb$ $8 = 0x92d91bc1
gdb$ x/x 0x92d91bc1
0x92d91bc1: Cannot access memory at address 0x92d91bc1
+
+Aladdin Mubaied