जमा करें #520184: Open Source libgsf <=1.14.53 Out-of-Bounds Read (sorting_key_copy)जानकारी

शीर्षकOpen Source libgsf <=1.14.53 Out-of-Bounds Read (sorting_key_copy)
विवरणThe vulnerability occurs because the function copies an extra element—assuming a null terminator exists—resulting in an out-of-bounds read if the original allocation for sk->name didn't include space for that terminator. static GsfMSOleSortingKey *gsf_msole_sorting_key_copy(GsfMSOleSortingKey *sk) { GsfMSOleSortingKey *res = g_new(GsfMSOleSortingKey, 1); res->len = sk->len; // Allocate space for sk->len + 1 gunichar2 characters, // assuming that sk->name contains a null terminator. res->name = g_new(gunichar2, sk->len + 1); // Copy (sk->len + 1) gunichar2 elements from sk->name into res->name. // If sk->name was not originally allocated with (sk->len + 1) elements, // this memcpy will read past the allocated memory (OOB read). memcpy(res->name, sk->name, (sk->len + 1) * sizeof(gunichar2)); return res; }
उपयोगकर्ता ninpwn (UID 82253)
सबमिशन13/03/2025 09:24 PM (1 वर्ष पहले)
संयम24/03/2025 01:46 PM (11 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि300744 [GNOME libgsf तक 1.14.53 sorting_key_copy नाम सूचना का प्रकटीकरण]
अंक17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!