Headline
CVE-2023-39113: SEGV on unknown address has occurred when running program gif2tga in function main at gif2tga.c · Issue #27 · miniupnp/ngiflib
ngiflib commit fb271 was discovered to contain a segmentation violation via the function “main” at gif2tga.c. This vulnerability is triggered when running the program gif2tga.
Description
A SEGV on an unknown address occurs when running the program gif2tga; the faulting access is in function main at gif2tga.c:169:5.
Version
commit fb2713a548a530c13f14b586a479818cb0182a5e (HEAD -> master, origin/master, origin/HEAD)
Author: Thomas Bernard <[email protected]>
Date: Thu Jun 29 23:35:16 2023 +0200
Steps to reproduce
git clone https://github.com/miniupnp/ngiflib.git
cd ngiflib
CC="clang -fsanitize=address -g" CFLAGS+=-DNGIFLIB_NO_FILE make
./gif2tga -i ./poc3
INDEXED MODE
LoadGif() returned 1
._out01.tga written
LoadGif() returned 1
AddressSanitizer:DEADLYSIGNAL
=================================================================
==13842==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000002 (pc 0x0000004c68e2 bp 0x7ffce0c71440 sp 0x7ffce0c71180 T0)
==13842==The signal is caused by a READ memory access.
==13842==Hint: address points to the zero page.
#0 0x4c68e2 in main /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga.c:169:5
#1 0x7f0dd1fa9c86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310
#2 0x41bfc9 in _start (/media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga+0x41bfc9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga.c:169:5 in main
==13842==ABORTING
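The sanitizer output above carries the facts a maintainer needs for triage: the signal kind, the faulting address, whether the access was a read or a write, the "zero page" hint, and the innermost frame in the project's own sources. The following is an added example, not part of the issue or of ngiflib, that extracts those facts from the report quoted above and classifies the fault as a near-NULL dereference (address below the first page, so not attacker-controlled data) versus a wild pointer. The project directory prefix is taken from the paths in the report; the second, WRITE-to-high-address report is constructed here purely to show the other branch of the classification.

```python
"""Triage helper for AddressSanitizer "SEGV on unknown address" reports.

Added example for the ngiflib issue above; it is not code from the issue
or from the ngiflib project.  It parses the sanitizer output quoted in the
report and reduces it to the fields a maintainer reasons about.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the ASan report from the issue, copied as it appears there.
SAMPLE_REPORT = """\
AddressSanitizer:DEADLYSIGNAL
=================================================================
==13842==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000002 (pc 0x0000004c68e2 bp 0x7ffce0c71440 sp 0x7ffce0c71180 T0)
==13842==The signal is caused by a READ memory access.
==13842==Hint: address points to the zero page.
    #0 0x4c68e2 in main /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga.c:169:5
    #1 0x7f0dd1fa9c86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310
    #2 0x41bfc9 in _start (/media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga+0x41bfc9)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/gif2tga.c:169:5 in main
==13842==ABORTING
"""

# Constructed variant (NOT from the issue): a write through a high, non-NULL
# address, to show the other classification branch.
CONSTRUCTED_WILD_WRITE = """\
==1==ERROR: AddressSanitizer: SEGV on unknown address 0x00007f12deadbe00 (pc 0x1 bp 0x2 sp 0x3 T0)
==1==The signal is caused by a WRITE memory access.
    #0 0x1 in example_fn /tmp/example/example.c:42:3
"""

# Project directory as it appears in the report's frame paths.
PROJECT_DIR = "/media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/"

# Linux maps nothing at the first page, so an address below 4096 is NULL
# (or NULL plus a small struct field offset), never attacker-placed data.
ZERO_PAGE_LIMIT = 0x1000

ERROR_RE = re.compile(r"ERROR: AddressSanitizer: (?P<kind>\S+) on unknown address 0x(?P<addr>[0-9a-f]+)")
ACCESS_RE = re.compile(r"The signal is caused by a (?P<access>READ|WRITE) memory access")
# Only frames with file:line info match; frames like "_start (binary+0x...)" are skipped.
FRAME_RE = re.compile(r"#(?P<idx>\d+) 0x[0-9a-f]+ in (?P<func>\S+) (?P<file>[^:\s]+):(?P<line>\d+)(?::(?P<col>\d+))?")


@dataclass
class Frame:
    index: int
    function: str
    file: str
    line: int
    column: Optional[int]


@dataclass
class SegvTriage:
    kind: str
    address: int
    access: str
    frames: List[Frame]
    project_frame: Optional[Frame]

    @property
    def near_null(self) -> bool:
        return self.address < ZERO_PAGE_LIMIT

    def summary(self) -> str:
        where = (f"{self.project_frame.function} at {self.project_frame.file}:{self.project_frame.line}"
                 if self.project_frame else "no frame in project sources")
        cls = "near-NULL dereference" if self.near_null else "wild pointer"
        return f"{self.kind} ({self.access} of 0x{self.address:x}, {cls}) in {where}"


def parse_asan_segv(report: str, project_dir: str) -> SegvTriage:
    """Parse one ASan SEGV report; project_dir marks frames in our own tree."""
    kind = None
    address = None
    access = "UNKNOWN"
    frames: List[Frame] = []
    for raw in report.splitlines():
        line = raw.strip()
        m = ERROR_RE.search(line)
        if m:
            kind = m.group("kind")
            address = int(m.group("addr"), 16)
            continue
        m = ACCESS_RE.search(line)
        if m:
            access = m.group("access")
            continue
        m = FRAME_RE.search(line)
        if m:
            col = m.group("col")
            frames.append(Frame(int(m.group("idx")), m.group("func"), m.group("file"),
                                int(m.group("line")), int(col) if col else None))
    if kind is None or address is None:
        raise ValueError("not an AddressSanitizer 'unknown address' report")
    project_frame = next((f for f in frames if f.file.startswith(project_dir)), None)
    return SegvTriage(kind, address, access, frames, project_frame)


if __name__ == "__main__":
    print(parse_asan_segv(SAMPLE_REPORT, PROJECT_DIR).summary())
    print(parse_asan_segv(CONSTRUCTED_WILD_WRITE, "/tmp/example/").summary())
```

For the report in this issue the helper yields a READ of address 0x2 in main at gif2tga.c:169, classified as a near-NULL dereference: the program crashes on the crafted input, which matches the DoS impact stated below, and the zero-page hint rules out the address itself being under the file's control.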
POC
https://github.com/GGb0ndQAQ/POC/blob/main/ngiflib/poc3
Impact
Potential denial of service: a crafted GIF file crashes gif2tga.