heap-buffer-overflow in mc_chroma when decoding file #238
Comments
+1, looks like this is still not fixed. I also found this issue. Can send POC if required.
@hardik05 Can you comment here linking to your POC? I will reproduce this until Saturday. This was assigned CVE-2020-21597.
The poc is no longer triggering with the state in the master branch, as of today at
The tests were committed on Debian unstable, gcc (Debian 12.2.0-14) 12.2.
Methodology:
Starting point for all bisects were commit c43f2f8 (selected, as this is around the time where the CVEs were reported)
Bisecting is done using, so that git will report the first "good" commit.
Bisecting is done using the CMake build system, using
The pocs -- taken from the upstream issues (renamed for convenience, so that the link to the CVE/issue is in the filename)
CVE-2020-21597-issue238-mc_chroma-heap_overflow.crash
f538254 is the first fixed commit
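A bisect for the first fixed commit, as the methodology comment above describes, needs a test script whose exit codes are inverted relative to an ordinary regression bisect. The script below is an added example, not the commenter's or the project's own code; the term names, the build script and the decoder path are assumptions, and the commands actually used in the comment are not preserved on this page.

```shell
#!/bin/sh
# Added example: verdict script for `git bisect run` when looking for the
# first FIXED commit. Assumed setup (hypothetical term names):
#   git bisect start --term-old=crashing --term-new=fixed
#   git bisect crashing c43f2f8 && git bisect fixed master
#   git bisect run sh verdict.sh ./build.sh /path/to/dec265 poc.crash
# git bisect run reads exit 0 as the "old" term, 1-124 as the "new" term
# and 125 as "skip this commit", so a reproduced crash must exit 0.

# classify_run STATUS LOGFILE: succeeds if the run shows the memory error.
classify_run() {
    if grep -q 'ERROR: AddressSanitizer' "$2"; then
        return 0                      # ASan report on stderr
    fi
    if [ "$1" -gt 128 ]; then
        return 0                      # killed by a signal (SIGSEGV, SIGABRT)
    fi
    return 1                          # clean exit or ordinary decode error
}

# bisect_verdict BUILD_CMD DECODER POC: returns the code for git bisect run.
bisect_verdict() {
    build=$1 decoder=$2 poc=$3
    "$build" >/dev/null 2>&1 || return 125    # unbuildable commit: skip
    log=$(mktemp) || return 125
    status=0
    # Leak reports are unrelated to this overflow, so they are switched off.
    ASAN_OPTIONS=detect_leaks=0 "$decoder" "$poc" >/dev/null 2>"$log" || status=$?
    if classify_run "$status" "$log"; then verdict=0; else verdict=1; fi
    rm -f "$log"
    return "$verdict"
}

# Run as a script only when all three arguments are given.
if [ "$#" -ge 3 ]; then
    bisect_verdict "$@"
    exit $?
fi
```

Returning 125 for commits that fail to build keeps unrelated build breakage in the bisect range from being recorded as either crashing or fixed.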
Thanks @leonzhao7 and @coldtobi
heap-buffer-overflow in mc_chroma when decoding file
I found some problems during fuzzing
Test Version
dev version, git clone https://github.com/strukturag/libde265
Test Environment
root@ubuntu:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.6 LTS
Release: 16.04
Codename: xenial
root@ubuntu:~# uname -a
Linux ubuntu 4.15.0-45-generic #48~16.04.1-Ubuntu SMP Tue Jan 29 18:03:48 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux
Test Configure
./configure
configure: ---------------------------------------
configure: Building dec265 example: yes
configure: Building sherlock265 example: no
configure: Building encoder: yes
configure: ---------------------------------------
Test Program
dec265 [infile]
Asan Output
POC file
libde265-mc_chroma-heap_overflow.zip
password: leon.zhao.7
CREDIT
Zhao Liang, Huawei Weiran Labs