CVE-2020-22524: FreeImage / Bugs / #319 SEGV in function Load() in PluginPFM.cpp
Buffer Overflow vulnerability in FreeImage_Load function in FreeImage Library 3.19.0 (r1828) allows attackers to cause a denial of service via a crafted PFM file.
SEGV in function Load() in PluginPFM.cpp

Summary:
There is a SEGV in PluginPFM.cpp while loading an image with the FreeImage_Load function.
Version Affected: 3.19.0 (r1828)

ASAN Details
AddressSanitizer:DEADLYSIGNAL
=================================================================
==24231==ERROR: AddressSanitizer: SEGV on unknown address 0x613fa5f646c0 (pc 0x0000005a86b3 bp 0x7ffee3d2c080 sp 0x7ffee3d2b8e0 T0)
==24231==The signal is caused by a WRITE memory access.
    #0 0x5a86b2 in Load(FreeImageIO*, void*, int, int, void*) /home/src/freeimage-svn/FreeImage/trunk/Source/FreeImage/PluginPFM.cpp
    #1 0x5252fc in FreeImage_LoadFromHandle /home/src/freeimage-svn/FreeImage/trunk/Source/FreeImage/Plugin.cpp:388:24
    #2 0x52550c in FreeImage_Load /home/src/freeimage-svn/FreeImage/trunk/Source/FreeImage/Plugin.cpp:408:22
    #3 0x50640c in main /home/src/freeimage-svn/FreeImage/trunk/load-test.c:16:18
    #4 0x7f6f56aa6b6a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x26b6a)
    #5 0x428569 in _start (/home/src/freeimage-svn/FreeImage/trunk/load-test+0x428569)

AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/src/freeimage-svn/FreeImage/trunk/Source/FreeImage/PluginPFM.cpp in Load(FreeImageIO*, void*, int, int, void*)
==24231==ABORTING
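The trace above establishes only that Load() performed a write to an address outside any mapped object while parsing a crafted PFM file; the report does not say which header field drives the bad write. As an added example that is not FreeImage's code and not the fix for this bug, the following C program shows the checks a PFM loader needs before it allocates and writes pixel memory: the magic line, dimensions parsed with range checks, a non-zero scale factor, overflow-guarded size arithmetic, and a payload-length check, with the row-flipping decode then driven only by the validated sizes. PFM_MAX_DIM, the pfm_* names and the embedded sample files are this example's own assumptions and constructed inputs.

```c
/* Added example, not FreeImage code: a PFM header validator and loader that checks every
 * size derived from the file before allocating or writing pixel memory. PFM_MAX_DIM is an
 * assumed policy limit and the pfm_* names are this example's own. */
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { PFM_OK = 0, PFM_ERR_MAGIC = -1, PFM_ERR_TRUNCATED = -2,
       PFM_ERR_DIMENSION = -3, PFM_ERR_OVERFLOW = -4, PFM_ERR_SCALE = -5 };
#define PFM_MAX_DIM 65536u /* assumed upper bound per dimension */

typedef struct {
    int channels, little_endian;     /* 3 for "PF" (RGB), 1 for "Pf" (grey); scale < 0 => LE */
    uint32_t width, height;
    size_t data_offset, pixel_bytes; /* first pixel float; w*h*channels*4, overflow-checked */
} pfm_header;

static int host_little_endian(void) { uint16_t x = 1; return *(uint8_t *)&x == 1; }

/* Copy one '\n'-terminated header line into line[]; fail on EOF or an overlong line. */
static int pfm_get_line(const uint8_t *buf, size_t len, size_t *pos, char *line, size_t cap) {
    for (size_t n = 0; *pos < len && n + 1 < cap; n++)
        if ((line[n] = (char)buf[(*pos)++]) == '\n') { line[n] = '\0'; return 1; }
    return 0;
}

/* Unsigned decimal dimension: reject signs, garbage, zero and anything over the limit. */
static int pfm_parse_dim(const char *s, char **end, uint32_t *out) {
    if (*s == '-' || *s == '+') return 0;
    errno = 0; unsigned long v = strtoul(s, end, 10);
    if (*end == s || errno == ERANGE || v == 0 || v > PFM_MAX_DIM) return 0;
    *out = (uint32_t)v;
    return 1;
}

/* Validate magic, dimensions, scale and payload length; nothing is allocated here. */
int pfm_parse_header(const uint8_t *buf, size_t len, pfm_header *h) {
    char line[64], *end; size_t pos = 0;
    memset(h, 0, sizeof *h);
    if (!pfm_get_line(buf, len, &pos, line, sizeof line)) return PFM_ERR_TRUNCATED;
    if (strcmp(line, "PF") == 0) h->channels = 3;
    else if (strcmp(line, "Pf") == 0) h->channels = 1;
    else return PFM_ERR_MAGIC;
    if (!pfm_get_line(buf, len, &pos, line, sizeof line)) return PFM_ERR_TRUNCATED;
    if (!pfm_parse_dim(line, &end, &h->width)) return PFM_ERR_DIMENSION;
    while (*end == ' ' || *end == '\t') end++;
    if (!pfm_parse_dim(end, &end, &h->height)) return PFM_ERR_DIMENSION;
    while (*end == ' ' || *end == '\t') end++;
    if (*end != '\0') return PFM_ERR_DIMENSION;
    if (!pfm_get_line(buf, len, &pos, line, sizeof line)) return PFM_ERR_TRUNCATED;
    errno = 0; float scale = strtof(line, &end);
    if (end == line || errno == ERANGE || scale == 0.0f) return PFM_ERR_SCALE;
    h->little_endian = scale < 0.0f;
    /* Multiply under a wrap-around guard, then require the whole payload to be present. */
    uint64_t px = (uint64_t)h->width * h->height;
    size_t per_px = (size_t)h->channels * sizeof(float);
    if (px > SIZE_MAX / per_px) return PFM_ERR_OVERFLOW;
    h->pixel_bytes = (size_t)px * per_px;
    h->data_offset = pos;
    return (len - pos < h->pixel_bytes) ? PFM_ERR_TRUNCATED : PFM_OK;
}

/* Allocate exactly pixel_bytes and decode rows top-to-bottom (PFM stores the bottom row
 * first), byte-swapping when file and host endianness differ. NULL on any rejection. */
float *pfm_load(const uint8_t *buf, size_t len, pfm_header *h) {
    if (pfm_parse_header(buf, len, h) != PFM_OK) return NULL;
    float *img = malloc(h->pixel_bytes); if (!img) return NULL;
    size_t row = (size_t)h->width * h->channels; /* floats per row */
    int swap = h->little_endian != host_little_endian();
    const uint8_t *src = buf + h->data_offset;
    for (uint32_t y = 0; y < h->height; y++) {
        float *dst = img + (size_t)(h->height - 1 - y) * row; /* inside the checked buffer */
        for (size_t i = 0; i < row; i++, src += 4) {
            uint8_t b[4] = { src[0], src[1], src[2], src[3] };
            if (swap) { uint8_t t = b[0]; b[0] = b[3]; b[3] = t; t = b[1]; b[1] = b[2]; b[2] = t; }
            memcpy(&dst[i], b, 4);
        }
    }
    return img;
}

/* Self-test on constructed inputs: a 1x2 grey PFM holding little-endian 1.0f and 2.0f,
 * then five malformed headers that must each be refused. Returns 0 on success. */
int pfm_selftest(void) {
    static const uint8_t good[] = "Pf\n1 2\n-1.0\n" "\x00\x00\x80\x3f" "\x00\x00\x00\x40";
    static const char *bad[] = { "P6\n1 1\n1.0\n", "Pf\n4294967295 1\n1.0\n",
                                 "Pf\n-1 1\n1.0\n", "Pf\n1 1\n0\n", "PF\n1 2\n-1.0\n" };
    static const int want[] = { PFM_ERR_MAGIC, PFM_ERR_DIMENSION, PFM_ERR_DIMENSION,
                                PFM_ERR_SCALE, PFM_ERR_TRUNCATED };
    pfm_header h;
    float *img = pfm_load(good, sizeof good - 1, &h);
    if (!img) return 1;
    int ok = h.width == 1 && h.height == 2 && h.pixel_bytes == 8 && img[0] == 2.0f && img[1] == 1.0f;
    free(img); if (!ok) return 2;
    for (size_t i = 0; i < 5; i++)
        if (pfm_parse_header((const uint8_t *)bad[i], strlen(bad[i]), &h) != want[i]) return 3 + (int)i;
    return 0;
}

int main(void) { int r = pfm_selftest(); printf("pfm selftest: %s\n", r ? "FAIL" : "ok"); return r; }
```

Build it the same way the report builds its harness (clang -g -fsanitize=address) and run it; the self-test prints ok. The design point is that every write in pfm_load is indexed from width, height and channels that were range-checked and multiplied under an overflow guard, and the file is rejected before malloc when the payload is shorter than that product, so a crafted header can only produce an error code, never an out-of-bounds write.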
Reproduce
To reproduce it, compile FreeImage with ASAN. Then compile and execute the test file in the attachment as follows (-L. expects the ASAN-instrumented FreeImage library to be in the current directory; SEGV_PluginPFM_cpp is the crafted PFM input passed to the harness):
clang++ -g -fsanitize=address load-test.c -lfreeimage -L. -lm -o load-test
./load-test SEGV_PluginPFM_cpp
Credit
ADLab of Venustech
Related news
Ubuntu Security Notice 6586-1 - It was discovered that FreeImage incorrectly handled certain memory operations. If a user were tricked into opening a crafted TIFF file, a remote attacker could use this issue to cause a heap buffer overflow, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS. It was discovered that FreeImage incorrectly processed images under certain circumstances. If a user were tricked into opening a crafted TIFF file, a remote attacker could possibly use this issue to cause a stack exhaustion condition, resulting in a denial of service attack. This issue only affected Ubuntu 16.04 LTS and Ubuntu 20.04 LTS.
Debian Linux Security Advisory 5579-1 - Multiple vulnerabilities were discovered in FreeImage, a support library for graphics image formats, which could result in the execution of arbitrary code if malformed image files are processed.