Open ksyang opened 10 months ago
Hi.
We discovered that the https://github.com/LibRaw/LibRaw/commit/fd6330292501983ac75fe4162275794b18445bd9 vulnerability (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5808), discovered in LibRaw, affects the latest version of dcraw_hack.
System Configuration
FLIF Version: Master branch (commit 0074d6f)
Test environment: Ubuntu 22.04.2 LTS 64bit
Description
https://github.com/FLIF-hub/FLIF/blob/0074d6fd095d27ce81346aa3fbe9bab59105053e/raw-tools/sony_arw/dcraw.c#L8109-L8132
In the above code, if the value of the col variable exceeds 2064, a stack buffer overflow occurs. The col value is determined by the value of width, but since there is no limit to the value of width, a stack buffer overflow vulnerability occurs.
$ ./FLIF/raw-tools/sony_arw/dcraw_hack ./files/test.raw
Segmentation fault (core dumped)
The vulnerability can be fixed by patching as follows.
- double sum[]={0,0}; + double sum[] = {0, 0}; + if(width > 2064) return 0.f; // too wide
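Review bot: the added `if(width > 2064) return 0.f; // too wide` guard hard-codes the same 2064 that sizes the stack buffer the report says `col` overruns, so the limit should come from the array itself (a sizeof expression or one shared constant) so the two cannot drift apart when the buffer is resized; please also confirm the loop bound, since the description says the overflow happens when `col` exceeds 2064, and a width of exactly 2064 must not let `col` reach index 2064. The `- double sum[]={0,0};` / `+ double sum[] = {0, 0};` pair is a whitespace-only change and could be dropped to keep the fix minimal.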
Due to issue upload file size limitations, the PoC is shared through Google Drive below.
PoC file : https://drive.google.com/file/d/1s5N0Ao2lAWO73bzVFmP6EMJ5LZ6Efo_Y/view?usp=drive_link
Credit : Seunghoon Woo & Kyeongseok Yang, CCS Lab
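As an added illustration, not code from this issue, FLIF or LibRaw: a simplified C model of the pattern the report describes, a fixed-size stack buffer indexed by a width read from the file, with the bounds check placed before the first write and tied to the buffer's declared size. The `img[2][MAX_COLS]` layout, the function names and the sample data are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Size of the fixed stack buffer indexed by col; 2064 is the bound named in the report. */
#define MAX_COLS 2064

/* Hypothetical model of the reported pattern: a stack array sized at compile
 * time is filled for col < width, with width taken straight from the file.
 * width_fits, fill_rows_checked, demo_sum and img are assumed names, not dcraw's. */

/* Returns 1 when a file-supplied width can safely index a MAX_COLS-wide row. */
int width_fits(long width)
{
    return width > 0 && width <= MAX_COLS;
}

/* Hardened form: copies two rows of 16-bit samples into the stack buffer and
 * returns their sum through *sum. Returns 0, without writing to img, when width
 * would overrun the buffer or the input holds fewer than 2*width samples. */
int fill_rows_checked(const uint16_t *raw, size_t nsamples, long width, uint64_t *sum)
{
    uint16_t img[2][MAX_COLS];                   /* fixed-size stack buffer */
    if (!width_fits(width)) return 0;            /* the missing check: too wide */
    if ((size_t)width * 2 > nsamples) return 0;  /* truncated input */
    for (int c = 0; c < 2; c++)
        for (long col = 0; col < width; col++)   /* col is now bounded by MAX_COLS */
            img[c][col] = raw[(size_t)c * (size_t)width + (size_t)col];
    uint64_t s = 0;
    for (int c = 0; c < 2; c++)
        for (long col = 0; col < width; col++)
            s += img[c][col];
    *sum = s;
    return 1;
}

/* Constructed sample: two rows of four 16-bit values. Returns their sum for an
 * accepted width, or 0 when the width is rejected before any write. */
uint64_t demo_sum(long width)
{
    uint16_t raw[8] = {1, 2, 3, 4, 10, 20, 30, 40};
    uint64_t sum = 0;
    return fill_rows_checked(raw, 8, width, &sum) ? sum : 0;
}

int main(void)
{
    printf("width 4:    sum %llu\n", (unsigned long long)demo_sum(4));
    printf("width 4000: %s\n", width_fits(4000) ? "accepted" : "rejected before any write");
    return 0;
}
```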