Status: Closed (closed by yangfar, 1 year ago)
@lvandeve this appears inside the nist database: https://nvd.nist.gov/vuln/detail/CVE-2022-44081
Could you maybe take a deeper look at this?
Thanks for discovering this issue and reporting! It's fixed with 997936fd2b45842031e4180d73d7880e381cf33f
The issue was in the binary utility pngdetail.cpp instead of the library itself, and was due to not correctly checking all errors.
Version
pngdetail by Lode Vandevenne version: 20220717
Command
./pngdetail @@
Crash Output
AddressSanitizer:DEADLYSIGNAL
=================================================================
==2262494==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000003 (pc 0x0000004f43b4 bp 0x000000000080 sp 0x7ffd35c4f320 T0)
==2262494==The signal is caused by a WRITE memory access.
==2262494==Hint: address points to the zero page.
    #0 0x4f43b4 in readChunk_tRNS(LodePNGColorMode*, unsigned char const*, unsigned long) /home/hjsz/fuzz_software/lodepng-master/lodepng.cpp:4406:65

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/hjsz/fuzz_software/lodepng-master/lodepng.cpp:4406:65 in readChunk_tRNS(LodePNGColorMode*, unsigned char const*, unsigned long)
==2262494==ABORTING
POC
POC.zip (attached)
Report of the Information Security Laboratory of Ocean University of China @OUC_ISLOUC @OUC_Blue_Whale
Thanks for your time!
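As an added illustration of the failure mode the maintainer describes above (an unchecked error leaving parser state half-initialised, then a write through a NULL palette pointer inside the tRNS reader, matching the WRITE to address 0x3 in the sanitizer output), here is a self-contained C model. It is not lodepng's code or its fix: the struct, the error numbers and the PLTE logic are simplified stand-ins, and the reading of the address-3 write as palette[3] with a NULL palette is an assumption not stated in the thread.

```c
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for LodePNGColorMode (not lodepng's real struct):
   only the two fields the palette/tRNS path touches. */
typedef struct {
    unsigned char *palette;   /* RGBA bytes, NULL until PLTE is parsed */
    size_t palettesize;       /* number of entries */
} ColorMode;

/* Model of a PLTE reader. The entry count is recorded from the chunk length
   before the chunk is validated, so a rejected PLTE leaves palettesize set
   but palette NULL: partial state that only the return code reveals. */
static unsigned read_plte(ColorMode *cm, const unsigned char *d, size_t len) {
    cm->palettesize = len / 3;
    if (len == 0 || len % 3 != 0) return 38;   /* placeholder error number */
    cm->palette = calloc(cm->palettesize, 4);
    if (!cm->palette) return 83;               /* placeholder error number */
    for (size_t i = 0; i < cm->palettesize; i++) {
        memcpy(cm->palette + 4 * i, d + 3 * i, 3);
        cm->palette[4 * i + 3] = 255;
    }
    return 0;
}

/* Model of readChunk_tRNS for palette images: one alpha byte per entry.
   If palette is NULL, the first store (palette[3]) is a WRITE to address 3. */
static unsigned read_trns(ColorMode *cm, const unsigned char *d, size_t len) {
    if (len > cm->palettesize) return 39;      /* placeholder error number */
    for (size_t i = 0; i < len; i++) cm->palette[4 * i + 3] = d[i];
    return 0;
}

/* Unchecked caller: read_plte's result is discarded, so a malformed PLTE
   followed by a tRNS reaches read_trns with palette == NULL and crashes. */
static unsigned parse_unchecked(ColorMode *cm, const unsigned char *plte,
                                size_t pl, const unsigned char *trns, size_t tl) {
    read_plte(cm, plte, pl);
    return read_trns(cm, trns, tl);
}

/* Checked caller: every return code is propagated, so a bad PLTE stops the
   parse before tRNS can touch the palette. */
static unsigned parse_checked(ColorMode *cm, const unsigned char *plte,
                              size_t pl, const unsigned char *trns, size_t tl) {
    unsigned err = read_plte(cm, plte, pl);
    if (err) return err;
    return read_trns(cm, trns, tl);
}
```

On the constructed 4-byte PLTE below, parse_checked returns the PLTE error while parse_unchecked would dereference NULL, which is the distinction the fix in pngdetail relies on.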