agl / jbig2enc

JBIG2 Encoder

SEGV in jbig2enc #85

Open Frank-Z7 opened 10 months ago

Frank-Z7 commented 10 months ago

SEGV in jbig2enc

Description

jbig2enc v0.28 was discovered to contain a SEGV via jbig2_add_page in src/jbig2enc.cc:512. This vulnerability can lead to a Denial of Service (DoS).

ASAN Log

./src/jbig2 -s -S -p -v -d -2 -O out.png Poc2jbig2enc

AddressSanitizer:DEADLYSIGNAL
=================================================================
==2937923==ERROR: AddressSanitizer: SEGV on unknown address 0x62f00df00400 (pc 0x7ffff7267108 bp 0x6060000000e0 sp 0x7fffffffe0e0 T0)
==2937923==The signal is caused by a READ memory access.
    #0 0x7ffff7267107 in pixSetPadBits (/lib/x86_64-linux-gnu/liblept.so.5+0x12e107)
    #1 0x7ffff71c93f4 in pixConnCompPixa (/lib/x86_64-linux-gnu/liblept.so.5+0x903f4)
    #2 0x7ffff72262d8 in jbGetComponents (/lib/x86_64-linux-gnu/liblept.so.5+0xed2d8)
    #3 0x7ffff72289eb in jbAddPage (/lib/x86_64-linux-gnu/liblept.so.5+0xef9eb)
    #4 0x5555555633ad in jbig2_add_page(jbig2ctx*, Pix*) /test2/jbig2enc/src/jbig2enc.cc:512
    #5 0x55555555f408 in main /test2/jbig2enc/src/jbig2.cc:482
    #6 0x7ffff6c1f082 in __libc_start_main ../csu/libc-start.c:308
    #7 0x55555555bf4d in _start (/test2/jbig2enc/src/jbig2+0x7f4d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/liblept.so.5+0x12e107) in pixSetPadBits
==2937923==ABORTING

Reproduction

git clone https://github.com/agl/jbig2enc.git
cd jbig2enc
apt install libleptonica-dev
./autogen.sh
CFLAGS="-fsanitize=address -fno-omit-frame-pointer -g" CXXFLAGS=" -fsanitize=address -fno-omit-frame-pointer -g" ./configure --disable-shared
make -j24

./src/jbig2  -s -S -p -v -d -2 -O out.png Poc2jbig2enc

PoC

Poc2jbig2enc: https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/Poc2jbig2enc

Version

root@38ad1e4b9d16:/test2/jbig2enc# ./src/jbig2 --version
jbig2enc 0.28

Reference

https://github.com/agl/jbig2enc

Environment

ubuntu:20.04
gcc version 9.4.0 (Ubuntu 9.4.0-1ubuntu1~20.04.2)
clang version 10.0.0-4ubuntu1
afl-cc++4.09

Credit

Zeng Yunxiang
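Added triage helper, not part of the report above and not code from jbig2enc or leptonica: a small Python parser that reads an AddressSanitizer report such as the one quoted in the issue and extracts what is needed to bucket and route the crash (error kind, access type, faulting address, the faulting frame, the first frame inside the project's own sources, and whether the faulting frame is still an unsymbolized module offset). The sample input is the log from the issue pasted in as a string; the project root /test2/jbig2enc/ is taken from the paths in that log and would be whatever checkout path appears in your own run.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the ASAN report quoted in the issue above, embedded here so the
# helper runs offline. It is the issue's log, not output captured by this script.
ASAN_LOG = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2937923==ERROR: AddressSanitizer: SEGV on unknown address 0x62f00df00400 (pc 0x7ffff7267108 bp 0x6060000000e0 sp 0x7fffffffe0e0 T0)
==2937923==The signal is caused by a READ memory access.
    #0 0x7ffff7267107 in pixSetPadBits (/lib/x86_64-linux-gnu/liblept.so.5+0x12e107)
    #1 0x7ffff71c93f4 in pixConnCompPixa (/lib/x86_64-linux-gnu/liblept.so.5+0x903f4)
    #2 0x7ffff72262d8 in jbGetComponents (/lib/x86_64-linux-gnu/liblept.so.5+0xed2d8)
    #3 0x7ffff72289eb in jbAddPage (/lib/x86_64-linux-gnu/liblept.so.5+0xef9eb)
    #4 0x5555555633ad in jbig2_add_page(jbig2ctx*, Pix*) /test2/jbig2enc/src/jbig2enc.cc:512
    #5 0x55555555f408 in main /test2/jbig2enc/src/jbig2.cc:482
    #6 0x7ffff6c1f082 in __libc_start_main ../csu/libc-start.c:308
    #7 0x55555555bf4d in _start (/test2/jbig2enc/src/jbig2+0x7f4d)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/lib/x86_64-linux-gnu/liblept.so.5+0x12e107) in pixSetPadBits
==2937923==ABORTING
"""

# "#N 0xADDR in <function> <location>": the function may contain spaces (C++
# signatures), the location is the last whitespace-free token.
FRAME_RE = re.compile(r"^\s*#(\d+)\s+0x[0-9a-fA-F]+\s+in\s+(.*)\s+(\S+)$")
MODULE_RE = re.compile(r"^\((.+)\+0x[0-9a-fA-F]+\)$")   # "(module+0xoff)" = unsymbolized
ERROR_RE = re.compile(r"==\d+==ERROR: AddressSanitizer: (\S+)")
ADDR_RE = re.compile(r"on (?:unknown )?address (0x[0-9a-fA-F]+)")
ACCESS_RE = re.compile(r"\b(READ|WRITE)\b")


@dataclass
class Frame:
    index: int
    function: str
    location: str  # "path:line" when symbolized, "(module+0xoff)" otherwise

    @property
    def module(self) -> Optional[str]:
        m = MODULE_RE.match(self.location)
        return m.group(1) if m else None

    @property
    def symbolized(self) -> bool:
        return self.module is None


@dataclass
class Triage:
    kind: str
    access: Optional[str]
    address: Optional[str]
    frames: List[Frame]
    project_root: str

    @property
    def crash_frame(self) -> Frame:
        return self.frames[0]

    @property
    def first_project_frame(self) -> Optional[Frame]:
        # First symbolized frame whose source path lies under the project tree:
        # the call site in the project that handed control to the crashing library.
        for f in self.frames:
            if f.symbolized and f.location.startswith(self.project_root):
                return f
        return None

    @property
    def signature(self) -> str:
        # Bucket key for de-duplicating fuzzer findings: error kind plus the top
        # three function names. Addresses and module offsets are ASLR-dependent.
        return ":".join([self.kind] + [f.function for f in self.frames[:3]])

    @property
    def needs_symbolization(self) -> bool:
        # The faulting frame is only a module+offset, so the report cannot say
        # which source line in that library faulted; rebuild it with -g to find out.
        return not self.crash_frame.symbolized


def parse_asan_report(text: str, project_root: str) -> Triage:
    kind = access = address = None
    frames: List[Frame] = []
    for line in text.splitlines():
        if kind is None:
            m = ERROR_RE.search(line)
            if m:
                kind = m.group(1)
                a = ADDR_RE.search(line)
                address = a.group(1) if a else None
                continue
        if access is None and ("memory access" in line or " of size " in line):
            m = ACCESS_RE.search(line)
            if m:
                access = m.group(1)
                continue
        m = FRAME_RE.match(line)
        if m:
            frames.append(Frame(int(m.group(1)), m.group(2), m.group(3)))
        elif frames:
            break  # end of the first (faulting) stack; ignore allocation stacks etc.
    if kind is None or not frames:
        raise ValueError("not an AddressSanitizer report")
    return Triage(kind, access, address, frames, project_root)


if __name__ == "__main__":
    t = parse_asan_report(ASAN_LOG, "/test2/jbig2enc/")
    print("kind/access/address:", t.kind, t.access, t.address)
    print("faulting frame:", t.crash_frame.function, "in", t.crash_frame.module)
    print("first project frame:", t.first_project_frame.location)
    print("signature:", t.signature)
    print("needs symbolization:", t.needs_symbolization)
```

Run against the issue's log this reports a READ SEGV whose top four frames are all module offsets inside liblept.so.5, with jbig2enc.cc:512 as the first frame in the project's own sources and a dedup signature of SEGV:pixSetPadBits:pixConnCompPixa:jbGetComponents. The needs_symbolization flag is the practical caveat: the reproduction above builds only jbig2enc with -g and ASAN, so the report cannot show the faulting line inside leptonica; building the leptonica dependency with the same flags is what turns the module offset into a file and line.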

carnil commented 9 months ago

This seems to be CVE-2023-46363