🚨 Potential Integer Overflow or Wraparound

rockcarry / ffjpeg

a simple jpeg codec.

GNU General Public License v3.0

106 stars 46 forks source link

🚨 Potential Integer Overflow or Wraparound #39

Open huntr-helper opened 3 years ago

huntr-helper commented 3 years ago

👋 Hello, @rockcarry - a potential high severity Integer Overflow or Wraparound vulnerability in your repository has been disclosed to us.

Next Steps

1️⃣ Visit https://huntr.dev/bounties/1-other-rockcarry/ffjpeg for more advisory information.

2️⃣ Sign-up to validate or speak to the researcher for more assistance.

3️⃣ Propose a patch or outsource it to our community - whoever fixes it gets paid.

Confused or need more help?

Join us on our Discord and a member of our team will be happy to help! 🤗
Speak to a member of our team: @JamieSlome

This issue was automatically generated by huntr.dev - a bug bounty board for securing open source code.

JamieSlome commented 3 years ago

@rockcarry - let me know, and happy to help here once you have made a decision!

rockcarry commented 3 years ago

说中文好了用英语提issue 习惯了

因为在网站https://huntr.dev/bounties/1-other-rockcarry/ffjpeg 上也披露了漏洞，方便github授权一下这个网站然后把这个漏洞标记为有效么。（huntr.dev 这个网站是用来对github网站上的开源项目进行漏洞披露的）你修复的补丁在上面提交好像也有奖励（我也不确定，我是因为这个网站说可以申请CVE所以尝试在这里提交一下）

麻烦你了

具体要怎么授权和标记，我也不是很明白怎么做。

rockcarry commented 3 years ago

@rockcarry - let me know, and happy to help here once you have made a decision!

I tried to mark the Disclosure Status to vaild, but I didn't find the button. If you can help me, please do it.

JamieSlome commented 3 years ago

@rockcarry - are you able to send a screenshot of the advisory page?

zidingz commented 3 years ago

你好！

@rockcarry 你需要先通过GitHub注册, 然后你会看到这些按钮。

Simply click on 'Mark as Valid' to validate the disclosure. Let me know if you need further assistance 😊

rockcarry commented 3 years ago

I got this error page.

JamieSlome commented 3 years ago

@rockcarry - are you able to re-visit the page again, we are trying to debug on our side.

Do you get any errors in the browser console?

Apologies for the inconvenience!

rockcarry commented 3 years ago

I've revisited the link, still got same problem: 😳 Oops! It looks like you encountered a pesky error. Doesn't look right? Take me back home or get in touch.

rockcarry commented 3 years ago

Is the console like this? This problem maybe happens if didn't �login by your github account.

如果觉得麻烦的话这个issue 也可以直接close掉，无伤大雅。

对的就是显示这个界面，但是我确定我的 github 账号是登录了的。

rockcarry commented 3 years ago

啊那我也不清楚具体问题了，你在 https://github.com/settings/applications 这里看看 Authorized OAuth Apps 有huntr么，上面这种错误情况发生于把 oauth 取消掉之后

JamieSlome commented 3 years ago

I have marked this as valid on behalf of @rockcarry and tracked the commit for the fix on the advisory.

Cheers! 🍰