Headline
CVE-2019-1010069: access violation front.c:117 in txt_add(unsigned char *s, int sz) · Issue #18 · lewdlime/abcm2ps
moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit 08aef597656d065e86075f3d53fda89765845eae.
https://drive.google.com/open?id=1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S
(gdb) set args POC4
(gdb) r
abcm2ps-8.13.20 (2018-02-21)
File POC4
Line 14: Empty line in tune header - K:C added
Program received signal SIGSEGV, Segmentation fault.
__memcpy_avx_unaligned () at …/sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:273
273 …/sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S: No such file or directory.
(gdb) bt
#0 0x00007ffff69d51e3 in __memcpy_avx_unaligned ()
at …/sysdeps/x86_64/multiarch/memcpy-avx-unaligned.S:273
#1 0x00000000004e1b5b in txt_add (__len=18446744073709551615, __src=0x827f3e, __dest=)
at /usr/include/x86_64-linux-gnu/bits/string3.h:53
#2 0x00000000004e1b5b in txt_add (s=0x827f3e "", sz=-1) at front.c:117
#3 0x00000000004e558a in frontend (s=,
s@entry=0x827ea0 "X:Eƒ\nB\222\nWV\thf\nf\nI:tOB\222\nW:T@\nW:\nW:9 hf\nf\nI: OB\222\nW:\t@EBhf\nf\nI: OB\222\n\nW OB\222\nW:\\nB\222\nWV\thf\nf\nI:tOB\222\nW:Tt\nW:\nW:9\211hf\nf\nI: OB\222\nW:\tOEBx\nW:TthB\222\035W:x\nW:\nW:9thf\nf\nI: ", ftype=ftype@entry=0, fname=fname@entry=0x827f60 "POC4", linenum=31, linenum@entry=0) at front.c:882
#4 0x000000000040b98d in treat_file (fn=, ext=) at abcm2ps.c:239
#5 0x00000000004084f9 in main (argc=0, argv=) at abcm2ps.c:1040
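
Frames #1 and #2 above show txt_add entered with sz=-1 and memcpy receiving that value as __len=18446744073709551615. The following is an added example, not code from abcm2ps or from the fix commit: it reproduces that int-to-size_t conversion and shows a length check that refuses a negative size before any copy. The names struct txtbuf, len_as_memcpy_sees_it and txt_add_checked are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; not abcm2ps's own data structure. */
struct txtbuf { unsigned char *data; size_t len, cap; };

/* The value memcpy() receives when an int length is passed as its size_t
 * argument: -1 becomes SIZE_MAX, matching __len in frame #1. */
size_t len_as_memcpy_sees_it(int sz) { return (size_t)sz; }

/* Append sz bytes of s; returns 0 on success, -1 if the request is refused.
 * A negative sz is rejected before it can be converted to size_t. */
int txt_add_checked(struct txtbuf *b, const unsigned char *s, int sz)
{
    if (b == NULL || s == NULL || sz < 0)
        return -1;
    if (sz == 0) return 0;              /* nothing to copy */
    size_t n = (size_t)sz;
    if (n > SIZE_MAX - b->len)          /* len + n would wrap */
        return -1;
    if (b->len + n > b->cap) {
        size_t ncap = b->cap ? b->cap : 64;
        while (ncap < b->len + n) {
            if (ncap > SIZE_MAX / 2)
                return -1;
            ncap *= 2;
        }
        unsigned char *p = realloc(b->data, ncap);
        if (p == NULL)
            return -1;
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, s, n);
    b->len += n;
    return 0;
}

int main(void)
{
    struct txtbuf b = {0};
    const unsigned char line[] = "W:words\n";   /* constructed sample input */
    printf("memcpy length for sz=-1: %zu\n", len_as_memcpy_sees_it(-1));
    printf("append 8 bytes: %d\n", txt_add_checked(&b, line, 8));
    printf("append sz=-1:   %d\n", txt_add_checked(&b, line, -1));
    free(b.data);
    return 0;
}
```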