oss-sec mailing list archives
metapixel: multiple assertion failures
From: Agostino Sarubbo <ago () gentoo org>
Date: Tue, 22 Nov 2016 17:53:52 +0100
Description: metapixel is a program for generating photomosaics. A fuzzing on metapixel-imagesize revealed multiple assertion failures. The latest upstream release was about ten years ago, so I didn’t made any report. The bugs do not reside in any shared object which aren’t provided by the package. If you have a web application which relies on the metapixel-imagesize binary, then you are affected. Since the crashes reside in the command line tool, they may don’t warrant a CVE at all, but some distros and packagers would have the bugs fixed in their repository, so I’m sharing them. Affected version: 1.0.2 Output/failure: metapixel-imagesize: rwgif.c:59: void *open_gif_file(const char *, int *, int *): Assertion `data->file !=0′ failed. Commit fix: N/A Fixed version: N/A Testcase: https://github.com/asarubbo/poc/blob/master/00059-metapixel-assert-open_gif_file-1 ########################################## Affected version: 1.0.2 Output/failure: metapixel-imagesize: rwgif.c:63: void *open_gif_file(const char *, int *, int *): Assertion `DGifGetRecordType(data->file, &record_type) != 0′ failed. Commit fix: N/A Fixed version: N/A Testcase: https://github.com/asarubbo/poc/blob/master/00060-metapixel-assert-open_gif_file-2 ########################################## Affected version: 1.0.2 Output/failure: metapixel-imagesize: rwgif.c:68: void *open_gif_file(const char *, int *, int *): Assertion `DGifGetImageDesc(data->file) != 0′ failed. Commit fix: N/A Fixed version: N/A Testcase: https://github.com/asarubbo/poc/blob/master/00061-metapixel-assert-open_gif_file-3 ########################################## Affected version: 1.0.2 Output/failure: metapixel-imagesize: rwgif.c:102: void *open_gif_file(const char *, int *, int *): Assertion `DGifGetExtension(data->file, &ext_code, &ext) != 0′ failed. Commit fix: N/A Fixed version: N/A Testcase: https://github.com/asarubbo/poc/blob/master/00062-metapixel-assert-open_gif_file-4 ########################################## Affected version: 1.0.2 Output/failure: metapixel-imagesize: rwgif.c:106: void *open_gif_file(const char *, int *, int *): Assertion `DGifGetExtensionNext(data->file, &ext) != 0′ failed. Commit fix: N/A Fixed version: N/A Testcase: https://github.com/asarubbo/poc/blob/master/00063-metapixel-assert-open_gif_file-5 Credit: These bugs were discovered by Agostino Sarubbo of Gentoo. Timeline: 2016-11-22: bugs discovered 2016-11-22: blog post about the issues Note: These bugs were found with American Fuzzy Lop. Permalink: https://blogs.gentoo.org/ago/2016/11/22/metapixel-multiple-assertion-failures -- Agostino Sarubbo Gentoo Linux Developer
Current thread:
- metapixel: multiple assertion failures Agostino Sarubbo (Nov 22)