CVE-2022-3857: LIBPNG: PNG reference library / Bugs
A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in the png_setup_paeth_row() function.
#300 Segmentation fault caused by npd in pngimage, png_setup_paeth_row, pngwutil.c:2496
Status: open
Owner: nobody
Labels: None
Priority: 5
Updated: 2023-01-09
Created: 2022-11-03
Private: No
Hi, there.
There is a segmentation fault in the latest stable release of 1.6.38 caused by null pointer dereference in png_setup_paeth_row, pngwutil.c:2496.
To reproduce, run
Here is the trace reported by ASAN:
    ==4043214==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffffd78b1b20 (pc 0x0000005a8cf7 bp 0x61a000003081 sp 0x7ffd80295b40 T0)
    ==4043214==The signal is caused by a READ memory access.
        #0 0x5a8cf7 in png_setup_paeth_row /benchmark/libpng-1.6.38/build-a/…/pngwutil.c:2496:14
        #1 0x5a8cf7 in png_write_find_filter /benchmark/libpng-1.6.38/build-a/…/pngwutil.c:2725:13
        #2 0x58266f in png_write_row /benchmark/libpng-1.6.38/build-a/…/pngwrite.c:909:4
        #3 0x584c9a in png_write_image /benchmark/libpng-1.6.38/build-a/…/pngwrite.c:636:10
        #4 0x584c9a in png_write_png /benchmark/libpng-1.6.38/build-a/…/pngwrite.c:1465:4
        #5 0x4fd99a in write_png /benchmark/libpng-1.6.38/build-a/…/contrib/libtests/pngimage.c:1368:4
        #6 0x4f9cdc in test_one_file /benchmark/libpng-1.6.38/build-a/…/contrib/libtests/pngimage.c:1443:4
        #7 0x4f9cdc in do_test /benchmark/libpng-1.6.38/build-a/…/contrib/libtests/pngimage.c:1573:7
        #8 0x4f87fa in main /benchmark/libpng-1.6.38/build-a/…/contrib/libtests/pngimage.c:1677:23
        #9 0x7f8bd6838082 in __libc_start_main /build/glibc-SzIz7B/glibc-2.31/csu/…/csu/libc-start.c:308:16
        #10 0x41d51d in _start (/benchmark/libpng-1.6.38/build-a/pngimage+0x41d51d)

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV /benchmark/libpng-1.6.38/build-a/…/pngwutil.c:2496:14 in png_setup_paeth_row
    ==4043214==ABORTING
    Aborted
1 Attachments