CVE-2023-39114: SEGV on unknown address has occurred when running program SDLaffgif in function SDL_LoadAnimatedGif at ngiflibSDL.c:179 · Issue #29 · miniupnp/ngiflib
ngiflib commit 84a75 was discovered to contain a segmentation violation via the function SDL_LoadAnimatedGif at ngiflibSDL.c. This vulnerability is triggered when running the program SDLaffgif.
Description
SEGV on unknown address has occurred when running program SDLaffgif in function SDL_LoadAnimatedGif at ngiflibSDL.c:179:3
Version
commit 84a750338394bbd2f8ff15811e2098bd9634180a (HEAD -> master, origin/master, origin/HEAD)
Author: Thomas Bernard <[email protected]>
Date: Sat Jul 15 01:46:02 2023 +0200
Steps to reproduce
git clone https://github.com/miniupnp/ngiflib.git
cd ngiflib
CC="clang -fsanitize=address -g" make
./SDLaffgif ./poc4
End of image code 0x101 (nbbit=10)
ZERO TERMINATOR 0x00
AddressSanitizer:DEADLYSIGNAL
=================================================================
==6500==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000044 (pc 0x7ffff7b68f51 bp 0x7fffffffddd0 sp 0x7fffffffd940 T0)
==6500==The signal is caused by a READ memory access.
==6500==Hint: address points to the zero page.
#0 0x7ffff7b68f51 in SDL_LockSurface (/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0+0x2df51)
#1 0x4c6e74 in SDL_LoadAnimatedGif /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/ngiflibSDL.c:179:3
#2 0x4c5d1a in main /media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/SDLaffgif.c:107:14
#3 0x7ffff6b8ac86 in __libc_start_main /build/glibc-uZu3wS/glibc-2.27/csu/../csu/libc-start.c:310
#4 0x41ba59 in _start (/media/psf/Home/Desktop/Fuzz/Binarys/ngiflib/ngiflib/SDLaffgif+0x41ba59)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV (/usr/lib/x86_64-linux-gnu/libSDL-1.2.so.0+0x2df51) in SDL_LockSurface
==6500==ABORTING
POC
https://github.com/GGb0ndQAQ/POC/blob/main/ngiflib/poc4
Impact
Potential denial of service: a crafted GIF crashes any program that loads it through SDL_LoadAnimatedGif (here the SDLaffgif viewer). The sanitizer report shows a read at address 0x44 and notes that the address lies in the zero page, i.e. the crash is a fault on a NULL or near-NULL pointer inside SDL_LockSurface rather than a corrupted heap.
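Added example, not code from ngiflib or SDL: a self-contained C model of the failure mode the sanitizer trace is consistent with, a surface pointer that may be NULL being handed straight to a lock routine, next to the check a decoder should make before locking. The surface_t type, surface_create, surface_lock, load_frame_checked and the MAX_DIM limit are all constructed for this example and are not ngiflib or SDL APIs; the real ngiflibSDL.c line 179 is not reproduced here.

```c
/* Added example, not ngiflib's or SDL's code. Models a decoder that
 * allocates a surface for a frame and locks it, and shows the check that
 * keeps a failed allocation from reaching the lock routine. All names and
 * limits below are constructed for the example. */
#include <stdio.h>
#include <stdlib.h>
#include <stdint.h>
#include <limits.h>

/* Minimal stand-in for a rendering surface (hypothetical, not SDL_Surface). */
typedef struct {
    uint32_t flags;
    int w, h;
    int pitch;
    void *pixels;
    int locked;
} surface_t;

#define BYTES_PER_PIXEL 4
#define MAX_DIM 16384   /* constructed upper bound on frame dimensions */

/* Allocates a surface; returns NULL for invalid or oversized dimensions or
 * when memory runs out, the same contract as a real allocator that can fail. */
surface_t *surface_create(int w, int h) {
    if (w <= 0 || h <= 0 || w > MAX_DIM || h > MAX_DIM)
        return NULL;
    size_t pitch = (size_t)w * BYTES_PER_PIXEL;
    if (pitch > SIZE_MAX / (size_t)h)   /* w*h*bpp would overflow size_t */
        return NULL;
    surface_t *s = calloc(1, sizeof *s);
    if (!s) return NULL;
    s->pixels = calloc((size_t)h, pitch);
    if (!s->pixels) { free(s); return NULL; }
    s->w = w; s->h = h; s->pitch = (int)pitch;
    return s;
}

void surface_free(surface_t *s) {
    if (!s) return;
    free(s->pixels);
    free(s);
}

/* Lock routine that, like the library call in the trace, dereferences its
 * argument without a NULL check. Called with NULL it reads a field at a
 * small offset from address 0, which is what "address points to the zero
 * page" in the report describes. */
int surface_lock(surface_t *s) {
    s->locked = 1;
    return 0;
}

/* Hardened frame loader: checks the allocation result before locking and
 * reports failure to the caller instead of crashing the whole viewer. */
int load_frame_checked(int w, int h, surface_t **out) {
    *out = NULL;
    surface_t *s = surface_create(w, h);
    if (s == NULL) {
        fprintf(stderr, "frame %dx%d rejected: surface allocation failed\n", w, h);
        return -1;           /* decoder abandons this frame cleanly */
    }
    surface_lock(s);         /* safe: s is known to be non-NULL here */
    *out = s;
    return 0;
}

int main(void) {
    surface_t *s = NULL;
    /* Frame dimensions constructed for the example: one valid, two hostile. */
    int ok = load_frame_checked(64, 48, &s);
    surface_free(s);
    int zero = load_frame_checked(0, 48, &s);
    int huge = load_frame_checked(INT_MAX, INT_MAX, &s);
    printf("valid=%d zero=%d huge=%d\n", ok, zero, huge);
    return 0;
}
```

The point of the check is where it sits: the allocation's return value is validated in the decoder, before the pointer is passed to a library routine that is entitled to assume a valid surface. A fuzzer-found crash with the zero-page hint is the signature of exactly that missing validation, and a sanitizer build (as in the reproduction steps above) reports it as a clean SEGV rather than a silent heap corruption.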