saitoha / libsixel

A SIXEL encoder/decoder implementation derived from kmiya's sixel (https://github.com/saitoha/sixel).
MIT License

FPE in sixel_encoder_do_resize, encoder.c:636 #167

Open waugustus opened 2 years ago

waugustus commented 2 years ago

Description

There is a floating point exception error in sixel_encoder_do_resize, encoder.c:636 in img2sixel 1.8.6. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted JPEG file.

Version

$ img2sixel -V
img2sixel 1.8.6

configured with:
  libcurl: yes
  libpng: yes
  libjpeg: yes
  gdk-pixbuf2: no
  GD: no

Reproduction

# img2sixel -h 128 poc /tmp/foo
ASAN:DEADLYSIGNAL
=================================================================
==363283==ERROR: AddressSanitizer: FPE on unknown address 0x55890ff6ea81 (pc 0x55890ff6ea81 bp 0x7ffc4b1bb790 sp 0x7ffc4b1bb760 T0)
    #0 0x55890ff6ea80 in sixel_encoder_do_resize /root/cov_test/libsixel/src/encoder.c:636
    #1 0x55890ff6fdf0 in sixel_encoder_encode_frame /root/cov_test/libsixel/src/encoder.c:968
    #2 0x55890ff743a9 in load_image_callback /root/cov_test/libsixel/src/encoder.c:1679
    #3 0x55890ffca596 in load_gif /root/cov_test/libsixel/src/fromgif.c:671
    #4 0x55890ffc3f92 in load_with_builtin /root/cov_test/libsixel/src/loader.c:908
    #5 0x55890ffc4936 in sixel_helper_load_image_file /root/cov_test/libsixel/src/loader.c:1418
    #6 0x55890ff7480c in sixel_encoder_encode /root/cov_test/libsixel/src/encoder.c:1743
    #7 0x55890ff6aa0e in main /root/cov_test/libsixel/converters/img2sixel.c:457
    #8 0x7f02f1eebc86 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x21c86)
    #9 0x55890ff68359 in _start (/root/cov_test/libsixel/build_asan/bin/img2sixel+0x39359)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: FPE /root/cov_test/libsixel/src/encoder.c:636 in sixel_encoder_do_resize
==363283==ABORTING

poc.zip

Platform

# uname -a
Linux 4a409ce47130 5.4.0-70-generic #78~18.04.1-Ubuntu SMP Sat Mar 20 14:10:07 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
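
An added example, not part of the original report and not libsixel's code: the report does not show the statement at encoder.c:636, so this assumes the resize path derives the missing width from the decoded frame's dimensions when only `-h` is given. On x86-64 Linux an integer division by zero is delivered as SIGFPE, which is what ASan prints as `FPE`. The function name `example_scale_width` and the bound `EXAMPLE_DIM_LIMIT` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical upper bound on any image dimension; not a libsixel constant. */
#define EXAMPLE_DIM_LIMIT 1000000

/*
 * Width that preserves aspect ratio when only a target height is requested.
 * Assumed shape of the computation: dst_w = src_w * dst_h / src_h.
 * Returns the width (>= 1), or -1 if the inputs cannot be scaled safely.
 */
static int
example_scale_width(int src_w, int src_h, int dst_h)
{
    int64_t w;

    /* Dimensions come from the decoded file and are attacker-influenced.
     * src_h == 0 is the value that would trap in the division below. */
    if (src_w <= 0 || src_h <= 0 || dst_h <= 0) {
        return -1;
    }
    if (src_w > EXAMPLE_DIM_LIMIT || src_h > EXAMPLE_DIM_LIMIT ||
        dst_h > EXAMPLE_DIM_LIMIT) {
        return -1;
    }
    /* Widen before multiplying so src_w * dst_h cannot overflow int. */
    w = (int64_t)src_w * dst_h / src_h;
    if (w < 1) {
        w = 1;              /* never pass a zero width to later stages */
    }
    if (w > EXAMPLE_DIM_LIMIT) {
        return -1;
    }
    return (int)w;
}

int
main(void)
{
    /* Constructed inputs: normal frame, zero-height frame, very thin frame. */
    printf("640x480, h=128 -> %d\n", example_scale_width(640, 480, 128));
    printf("640x0,   h=128 -> %d\n", example_scale_width(640, 0, 128));
    printf("1x1000,  h=128 -> %d\n", example_scale_width(1, 1000, 128));
    return 0;
}
```

Rejecting the frame at this point turns the crash into an ordinary error return that the caller can report.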