| عنوان | imageinfo buffer overflow |
|---|
| الوصف | imageinfo project has buffer overflow in the imageinfo.hpp file, attackers can crash software by constructing malicious files.In imageinfo.hpp 497 lines to 509 lines, this loop function didn't safety check offset value, Eventually overflow.
The poc url is: https://github.com/10cksYiqiyinHangzhouTechnology/imageinfo_poc
The project issue is: https://github.com/xiaozhuai/imageinfo/issues/1#issue-1600041028
Vulnerability function:
```cpp
off_t offset = 0; // typedef long _off_t; off_t offset = 0;
off_t end = metaLength;
while (offset < end) {
uint32_t boxSize = buffer.readU32BE(offset); // uint32_t readU32BE;
if (buffer.cmpAnyOf(offset + 4, 4, {"iprp", "ipco"})) {
end = offset + boxSize;
offset += 8;
} else if (buffer.cmp(offset + 4, 4, "ispe")) {
width = buffer.readU32BE(offset + 12);
height = buffer.readU32BE(offset + 16);
return true;
} else {
offset += boxSize;
}
}
``` |
|---|
| المصدر | ⚠️ https://github.com/10cksYiqiyinHangzhouTechnology/imageinfo_poc |
|---|
| المستخدم | 10cksYiqiyinHangzhouTechnology (UID 41666) |
|---|
| ارسال | 26/02/2023 01:43 PM (3 سنوات منذ) |
|---|
| الاعتدال | 06/03/2023 08:17 AM (8 days later) |
|---|
| الحالة | تمت الموافقة |
|---|
| إدخال VulDB | 222362 [xiaozhuai imageinfo حتى 3.0.3 imageinfo.hpp تلف الذاكرة] |
|---|
| النقاط | 20 |
|---|