LibTIFF – ‘tif_jbig.c’ Denial of Service

• Exploit Database
• 100 阅读

• 作者： team OWL337
  日期： 2017-07-06
• 类别：

  • dos
  平台：

  • linux
• 来源：https://www.exploit-db.com/exploits/42300/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43

  Source: http://bugzilla.maptools.org/show_bug.cgi?id=2706   Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”   Triggered by “./tiff2ps $POC” or “./tiff2pdf $POC”   The asan debug information is below:   $./tiff2ps $POC     ================================================================= ==26627==ERROR: LeakSanitizer: detected memory leaks   Direct leak of 1792 byte(s) in 7 object(s) allocated from: #0 0x7f7c4f1a19aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa) #1 0x7f7c4dca72fd(/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd) #2 0x3ea(<unknown module>)   Indirect leak of 170491316224 byte(s) in 223 object(s) allocated from: #0 0x7f7c4f1a19aa in malloc (/usr/lib/x86_64-linux-gnu/libasan.so.2+0x989aa) #1 0x7f7c4dca72fd(/usr/lib/x86_64-linux-gnu/libjbig.so.0+0x12fd) #2 0x3ea(<unknown module>)   SUMMARY: AddressSanitizer: 170491318016 byte(s) leaked in 230 allocation(s).     Affected version: <=the Latest version (4.0.8)     Credits:   This vulnerability is detected by team OWL337, with our custom fuzzer coll AFL. Please contact ganshuitao@gmail.comand chaoz@tsinghua.edu.cn if you need more info about the team, the tool or the vulnerability.     Proof of Concept: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/42300.zip