Gửi #520180: Open Source libgsf <=1.14.53 Uninitalized Heap Read (gsf_base64_encode_simple)thông tin

tiêu đềOpen Source libgsf <=1.14.53 Uninitalized Heap Read (gsf_base64_encode_simple)
Mô tảThe vulnerability arises because the null terminator is written based on an unsynchronized size argument, allowing uninitialized heap data to be included in the base64 encoded output. guint8 * gsf_base64_encode_simple (guint8 const *data, size_t len) { guint8 *out; int state = 0; guint save = 0; gboolean break_lines = TRUE; /* This differs from g_base64_encode */ size_t outlen = len * 4 / 3 + 5; // Compute the estimated output buffer size. if (break_lines) outlen += outlen / 72 + 1; // Account for line breaks in Base64 output. out = g_new (guint8, outlen); // Allocate the buffer on the heap. outlen = gsf_base64_encode_close (data, len, break_lines, out, &state, &save); // Here, `out[outlen] = '\0';` assumes that `outlen` is a valid index within `out`, // but `outlen` is calculated based on the actual bytes written, which might be // *less than* the originally allocated buffer size. If `gsf_base64_encode_close` // did not write as much data as expected (e.g., due to input size), `outlen` // might point beyond the valid written range, leaving uninitialized bytes in `out`. out[outlen] = '\0'; return out; }
Người dùng ninpwn (UID 82253)
Đệ trình13/03/2025 21:17 (cách đây 1 Năm)
Kiểm duyệt24/03/2025 13:46 (11 days later)
Trạng tháiđược chấp nhận
Mục VulDB300740 [GNOME libgsf đến 1.14.53 gsf_base64_encode_simple size tiết lộ thông tin]
điểm17

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!