जमा करें #520183: Open Source libgsf <=1.14.53 Integer Overflow -> Heap Overflow (gsf_property_settings_collec)जानकारी

शीर्षकOpen Source libgsf <=1.14.53 Integer Overflow -> Heap Overflow (gsf_property_settings_collec)
विवरणThe vulnerability arises from unchecked arithmetic during the dynamic expansion of the parameters array—adding 16 to n_alloced_params near SIZE_MAX can overflow, leading to underallocation and potential out-of-bounds writes to heap memory. void gsf_property_settings_collect_valist (GType object_type, GParameter **p_params, size_t *p_n_params, const gchar *first_property_name, va_list var_args) { ... size_t n_params = *p_n_params; size_t n_alloced_params = n_params; ... while (name) { ... if (n_params >= n_alloced_params) { n_alloced_params += 16; // If n_alloced_params is near SIZE_MAX, adding 16 may overflow. params = g_renew (GParameter, params, n_alloced_params); // underallocation as a result fof the arithmetic } params[n_params].name = name; //the 'write' logic, could attempt to derference an offset that isn't mapped, or write to arbitrary addresses on the heap ... n_params++; // another incrementation vector that could lead to an overflow in theory ... } ... }
उपयोगकर्ता ninpwn (UID 82253)
सबमिशन13/03/2025 09:22 PM (1 वर्ष पहले)
संयम24/03/2025 01:46 PM (11 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि300743 [GNOME libgsf तक 1.14.53 gsf_property_settings_collec n_alloced_params बफ़र ओवरफ़्लो]
अंक17

Do you need the next level of professionalism?

Upgrade your account now!