Headline
CVE-2020-24221: I found a large or infinite loop in ngiflib · Issue #17 · miniupnp/ngiflib
An issue was discovered in the GetByte function in miniupnp ngiflib version 0.4 that allows local attackers to cause a denial of service (DoS) via a crafted .gif file (infinite loop).
I used the command line gif2tga --outbase /dev/null path_to_file to run gif2tga and got a timeout.
The program didn’t return or respond.
The system is Ubuntu 16.04.6 amd-64, source commit id is: 0245fd4
compiled by gcc version 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.12)
Debug information is:
GNU gdb (Ubuntu 7.11.1-0ubuntu1~16.5) 7.11.1
Copyright © 2016 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-linux-gnu".
Type "show configuration" for configuration details.
For bug reporting instructions, please see:
http://www.gnu.org/software/gdb/bugs/.
Find the GDB manual and other documentation resources online at:
http://www.gnu.org/software/gdb/documentation/.
For help, type "help".
Type "apropos word" to search for commands related to "word"…
Reading symbols from gif2tga…done.
(gdb) r --outbase /dev/null /home/yang/test.gif
Starting program: /home/yang/MyProject/remote_test/target_src/ngiflib/gif2tga --outbase /dev/null /home/yang/test.gif
^C
Program received signal SIGINT, Interrupt.
0x00007ffff7b04320 in __read_nocancel () at …/sysdeps/unix/syscall-template.S:84
84 …/sysdeps/unix/syscall-template.S: No such file or directory.
(gdb) step
_IO_new_file_underflow (fp=0x605070) at fileops.c:594
594 fileops.c: No such file or directory.
(gdb) step
597 in fileops.c
(gdb)
596 in fileops.c
(gdb)
597 in fileops.c
(gdb)
607 in fileops.c
(gdb)
613 in fileops.c
(gdb)
608 in fileops.c
(gdb)
613 in fileops.c
(gdb)
__GI__IO_default_uflow (fp=0x605070) at genops.c:414
414 genops.c: No such file or directory.
(gdb)
417 in genops.c
(gdb)
_IO_getc (fp=0x605070) at getc.c:37
37 getc.c: No such file or directory.
(gdb)
_IO_acquire_lock_fct (p=) at libioP.h:866
866 libioP.h: No such file or directory.
(gdb)
_IO_getc (fp=0x605070) at getc.c:37
37 getc.c: No such file or directory.
(gdb)
_IO_acquire_lock_fct (p=) at libioP.h:867
867 libioP.h: No such file or directory.
(gdb)
The poc is attached below.
Thank you.
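The trace above shows the process repeatedly re-entering getc and read on the input file. As an added illustration (not ngiflib's code and not part of the original report), the sketch below shows one failure class consistent with that picture, under the assumption that a byte reader narrows getc()'s result to an unsigned byte so EOF is lost, next to a hardened form. All names, the iteration budget and the sample byte arrays are constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* In-memory stand-in for a FILE*: src_getc() follows the getc() contract
   (next byte as 0..255, or EOF once the input is exhausted). */
struct src { const unsigned char *p; size_t n, pos; };
static int src_getc(struct src *s) { return s->pos < s->n ? s->p[s->pos++] : EOF; }

/* Weak pattern (assumed, not ngiflib's code): the cast folds EOF (-1)
   into 0xFF, so the caller can never observe end of input. */
static uint8_t get_byte_unchecked(struct src *s) { return (uint8_t)src_getc(s); }

/* Walk GIF data sub-blocks (length byte + payload) up to the 0x00 terminator.
   Returns the block count, or -1 once the demo-only `budget` is used up. */
long walk_unchecked(const unsigned char *buf, size_t n, long budget) {
    struct src s = { buf, n, 0 };
    long blocks = 0;
    uint8_t len;
    while ((len = get_byte_unchecked(&s)) != 0) {
        if (budget-- <= 0) return -1;   /* without a budget this loop never ends */
        for (int i = 0; i < len; i++) (void)get_byte_unchecked(&s);
        blocks++;
    }
    return blocks;
}

/* Hardened: keep the int result and treat EOF as a hard parse error (-2). */
long walk_checked(const unsigned char *buf, size_t n) {
    struct src s = { buf, n, 0 };
    long blocks = 0;
    int len;
    while ((len = src_getc(&s)) != 0) {
        if (len == EOF) return -2;
        for (int i = 0; i < len; i++)
            if (src_getc(&s) == EOF) return -2;
        blocks++;
    }
    return blocks;
}

/* Constructed inputs: one complete sub-block chain, one cut off mid-payload. */
static const unsigned char GOOD[]      = { 2, 0xAA, 0xBB, 1, 0xCC, 0 };
static const unsigned char TRUNCATED[] = { 2, 0xAA, 0xBB, 3, 0xCC };

int main(void) {
    printf("complete:  %ld vs %ld\n", walk_unchecked(GOOD, sizeof GOOD, 1000), walk_checked(GOOD, sizeof GOOD));
    printf("truncated: %ld vs %ld\n", walk_unchecked(TRUNCATED, sizeof TRUNCATED, 1000), walk_checked(TRUNCATED, sizeof TRUNCATED));
    return 0;
}
```

On the truncated input the unchecked walker keeps reading 0xFF "length" bytes past the end until the budget stops it, while the checked walker returns an error at the first missing byte.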