제출 #520184: Open Source libgsf <=1.14.53 Out-of-Bounds Read (sorting_key_copy)정보

제목Open Source libgsf <=1.14.53 Out-of-Bounds Read (sorting_key_copy)
설명The vulnerability occurs because the function copies an extra element—assuming a null terminator exists—resulting in an out-of-bounds read if the original allocation for sk->name didn't include space for that terminator. static GsfMSOleSortingKey *gsf_msole_sorting_key_copy(GsfMSOleSortingKey *sk) { GsfMSOleSortingKey *res = g_new(GsfMSOleSortingKey, 1); res->len = sk->len; // Allocate space for sk->len + 1 gunichar2 characters, // assuming that sk->name contains a null terminator. res->name = g_new(gunichar2, sk->len + 1); // Copy (sk->len + 1) gunichar2 elements from sk->name into res->name. // If sk->name was not originally allocated with (sk->len + 1) elements, // this memcpy will read past the allocated memory (OOB read). memcpy(res->name, sk->name, (sk->len + 1) * sizeof(gunichar2)); return res; }
사용자
 ninpwn (UID 82253)
제출2025. 03. 13. PM 09:24 (1 년도 ago)
모더레이션2025. 03. 24. PM 01:46 (11 days later)
상태수락
VulDB 항목300744 [GNOME libgsf 까지 1.14.53 sorting_key_copy 이름 정보 공개]
포인트들17

이전개요다음

Do you want to use VulDB in your project?

Use the official API to access entries easily!