जमा करें #520181: Open Source libgsf <=1.14.53 Integer Overflow -> Heap Overflow (gsf_base64_encode_simple)जानकारी

शीर्षकOpen Source libgsf <=1.14.53 Integer Overflow -> Heap Overflow (gsf_base64_encode_simple)
विवरणThe vulnerability arises from performing unchecked arithmetic on a user-supplied length, which can trigger an integer overflow that results in underallocating the buffer, thereby risking buffer overflow during base64 encoding. guint8 * gsf_base64_encode_simple (guint8 const *data, size_t len) { guint8 *out; int state = 0; guint save = 0; gboolean break_lines = TRUE; /* This differs from g_base64_encode */ size_t outlen = len * 4 / 3 + 5; // arithmetic on user input length stored in a size_t variable (unsigned it) - no length verification if (break_lines) outlen += outlen / 72 + 1; out = g_new (guint8, outlen); // underallocation due to integer overflow via the arithmetic outlen = gsf_base64_encode_close (data, len, break_lines, out, &state, &save); // a call that writes b64 encoded data to the newly allocated buffer out[outlen] = '\0'; return out; }
उपयोगकर्ता ninpwn (UID 82253)
सबमिशन13/03/2025 09:19 PM (1 वर्ष पहले)
संयम24/03/2025 01:46 PM (11 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि300741 [GNOME libgsf तक 1.14.53 gsf_base64_encode_simple size_t बफ़र ओवरफ़्लो]
अंक17

Do you need the next level of professionalism?

Upgrade your account now!