CVE-2023-46009: Two FPE bugs unique in gifsicle-1.94 · Issue #196 · kohler/gifsicle

gifsicle-1.94 was found to have a floating point exception (FPE) vulnerability via resize_stream at src/xform.c.


We found 2 FPE bugs in gifsicle-1.94. Initially, we thought #193 would be applicable. However, upon discovering that the same reproduction steps didn’t work in gifsicle-1.93, we believe this issue might be different.

Reproduction

Build gifsicle-1.94 with ASAN, then run

src/gifsicle --crop 0,0-256,256 --crop-transparency --flip-vertical -i -p 1,1 --rotate-90 --resize=256x256 -o c $POC

We ran it on a 64-bit Ubuntu 18.04.

ASAN Report

  1. The POC can be found here. POC1

    AddressSanitizer:DEADLYSIGNAL
    ==4691==ERROR: AddressSanitizer: FPE on unknown address 0x000000584a02 (pc 0x000000584a02 bp 0x7ffc7d0d8eb0 sp 0x7ffc7d0d8ba0 T0)
        #0 0x584a02 in resize_stream /root/gifsicle-1.94/src/xform.c:1327:16
        #1 0x593aeb in merge_and_write_frames /root/gifsicle-1.94/src/gifsicle.c:1029:7
        #2 0x592f94 in output_frames /root/gifsicle-1.94/src/gifsicle.c:1108:7
        #3 0x59b95d in main /root/gifsicle-1.94/src/gifsicle.c:2183:5
        #4 0x7f6fa3046c86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/…/csu/libc-start.c:310
        #5 0x41bbc9 in _start (/root/gifsicle-1.94/src/gifsicle+0x41bbc9)

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: FPE /root/gifsicle-1.94/src/xform.c:1327:16 in resize_stream
    ==4691==ABORTING

  2. The POC can be found here. POC2

    AddressSanitizer:DEADLYSIGNAL
    ==21707==ERROR: AddressSanitizer: FPE on unknown address 0x000000584a2e (pc 0x000000584a2e bp 0x7ffcc64822f0 sp 0x7ffcc6481fe0 T0)
        #0 0x584a2e in resize_stream /root/gifsicle-1.94/src/xform.c:1327:49
        #1 0x593aeb in merge_and_write_frames /root/gifsicle-1.94/src/gifsicle.c:1029:7
        #2 0x592f94 in output_frames /root/gifsicle-1.94/src/gifsicle.c:1108:7
        #3 0x59b95d in main /root/gifsicle-1.94/src/gifsicle.c:2183:5
        #4 0x7fc4265dcc86 in __libc_start_main /build/glibc-CVJwZb/glibc-2.27/csu/…/csu/libc-start.c:310
        #5 0x41bbc9 in _start (/root/gifsicle-1.94/src/gifsicle+0x41bbc9)

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: FPE /root/gifsicle-1.94/src/xform.c:1327:49 in resize_stream
    ==21707==ABORTING
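The report above shows where the fault lands (two different columns of xform.c:1327 inside resize_stream, reached through a crop/rotate/resize option chain) but not the faulting expression. The following is an added example, not gifsicle's code: it models the failure mode a reviewer would check for first, a SIGFPE from an integer division whose divisor is a frame dimension that an earlier transform left at zero, beside the guard that prevents it. The frame struct, the crop helper and the 16.16 fixed-point scale are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical frame geometry; gifsicle's real structures are not shown on the page. */
struct frame { int width, height; };

/* Clip a crop box to the frame. A box lying entirely outside the frame
 * leaves a 0x0 result, which is the input later stages must cope with. */
struct frame crop_frame(struct frame f, int x0, int y0, int x1, int y1) {
    struct frame r = {0, 0};
    if (x0 < 0) x0 = 0;
    if (y0 < 0) y0 = 0;
    if (x1 > f.width) x1 = f.width;
    if (y1 > f.height) y1 = f.height;
    if (x1 > x0 && y1 > y0) { r.width = x1 - x0; r.height = y1 - y0; }
    return r;
}

/* Unchecked form: 16.16 fixed-point scale factor. With src_w == 0 the
 * integer division raises SIGFPE, which ASAN reports exactly as above. */
int scale_unchecked(int src_w, int dst_w) {
    return (dst_w << 16) / src_w;
}

/* Checked form: reject empty frames before dividing. Returns 0 on success,
 * -1 if either dimension is not positive; widening to int64_t also keeps
 * dst_w << 16 from overflowing for large targets. */
int scale_checked(int src_w, int dst_w, int32_t *scale) {
    if (src_w <= 0 || dst_w <= 0)
        return -1;
    *scale = (int32_t)(((int64_t)dst_w << 16) / src_w);
    return 0;
}

/* Convenience wrappers so the results are plain return values. */
int32_t scale_or_zero(int src_w, int dst_w) {
    int32_t s = 0;
    return scale_checked(src_w, dst_w, &s) == 0 ? s : 0;
}

int resize_status(struct frame src, int dst_w, int dst_h) {
    int32_t sx, sy;
    if (scale_checked(src.width, dst_w, &sx) != 0) return -1;
    if (scale_checked(src.height, dst_h, &sy) != 0) return -1;
    return 0;
}

int main(void) {
    struct frame f = {8, 8};                                  /* constructed 8x8 frame */
    struct frame empty = crop_frame(f, 10, 10, 20, 20);       /* crop box outside the frame */
    printf("cropped: %dx%d, resize status: %d\n", empty.width, empty.height,
           resize_status(empty, 256, 256));                   /* -1 instead of SIGFPE */
    return 0;
}
```

Calling scale_unchecked(empty.width, 256) on the same input is what the checked path avoids; the point is that the validation belongs at the entry to the resize stage, since any upstream transform can shrink a frame to nothing.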
