| 제목 | Open Source libgsf <=1.14.53 Integer Overflow -> Heap Overflow (gsf_base64_encode_simple) |
|---|
| 설명 | The vulnerability arises from performing unchecked arithmetic on a user-supplied length, which can trigger an integer overflow that results in underallocating the buffer, thereby risking buffer overflow during base64 encoding.
guint8 *
gsf_base64_encode_simple (guint8 const *data, size_t len)
{
guint8 *out;
int state = 0;
guint save = 0;
gboolean break_lines = TRUE; /* This differs from g_base64_encode */
size_t outlen = len * 4 / 3 + 5; // arithmetic on user input length stored in a size_t variable (unsigned it) - no length verification
if (break_lines)
outlen += outlen / 72 + 1;
out = g_new (guint8, outlen); // underallocation due to integer overflow via the arithmetic
outlen = gsf_base64_encode_close (data, len, break_lines,
out, &state, &save); // a call that writes b64 encoded data to the newly allocated buffer
out[outlen] = '\0';
return out;
} |
|---|
| 사용자 | ninpwn (UID 82253) |
|---|
| 제출 | 2025. 03. 13. PM 09:19 (1 년도 ago) |
|---|
| 모더레이션 | 2025. 03. 24. PM 01:46 (11 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 300741 [GNOME libgsf 까지 1.14.53 gsf_base64_encode_simple size_t 메모리 손상] |
|---|
| 포인트들 | 17 |
|---|