Package: ufraw-batch
Version: 0.22-1.1
Severity: normal

Dear Maintainer,

Running 'ufraw-batch --conf' with the attached file raises a NULL pointer dereference, which may allow a denial-of-service attack by a malicious attacker.

I expected the program to terminate without segfault, but the program crashes as follows.

----------------------------
(gdb) r --conf poc
Starting program: /usr/bin/ufraw-batch --conf poc
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
Error parsing 'poc'
Error on line 1 char 1: Document must begin with an element (e.g. <book>)

Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
106	../sysdeps/x86_64/strlen.S: No such file or directory.
(gdb) x/i $rip
=> 0x7ffff5456646 <strlen+38>:	movdqu (%rax),%xmm4
(gdb) i r rax
rax            0x0	0
-----------------------------

The bug was found with a fuzzer developed by 'SoftSec' group at KAIST.

-- System Information:
Debian Release: 9.2
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.9.0-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages ufraw-batch depends on:
ii  libbz2-1.0       1.0.6-8.1
ii  libc6            2.24-11+deb9u1
ii  libexiv2-14      0.25-3.1
ii  libgcc1          1:6.3.0-18
ii  libglib2.0-0     2.50.3-2
ii  libgomp1         6.3.0-18
ii  libjpeg62-turbo  1:1.5.1-2
ii  liblcms2-2       2.8-4
ii  liblensfun1      0.3.2-3
ii  libpng16-16      1.6.28-1
ii  libstdc++6       6.3.0-18
ii  libtiff5         4.0.8-2+deb9u1
ii  zlib1g           1:1.2.8.dfsg-5

ufraw-batch recommends no packages.

Versions of packages ufraw-batch suggests:
pn  ufraw  <none>

-- no debconf information
poc
Description: video/mng
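
Added example, not part of the original report or of ufraw: a small triage helper that reads a gdb transcript like the one above, finds the memory operand of the faulting instruction and the value of its base register, and classifies the crash. The function name `triage`, the 0x1000 threshold and the verdict labels are assumptions made for this illustration; the sample session is constructed from the lines quoted in the report.

```python
import re

# Constructed sample: the relevant lines of the gdb session quoted in the report.
GDB_SESSION = """\
Program received signal SIGSEGV, Segmentation fault.
strlen () at ../sysdeps/x86_64/strlen.S:106
(gdb) x/i $rip
=> 0x7ffff5456646 <strlen+38>:\tmovdqu (%rax),%xmm4
(gdb) i r rax
rax            0x0\t0
"""

# Assumption: any faulting address inside the first page is NULL-relative.
NULL_PAGE_LIMIT = 0x1000


def triage(session: str) -> dict:
    """Classify a SIGSEGV from AT&T-syntax gdb output (x/i $rip plus 'i r')."""
    insn = re.search(
        r"^=>\s+0x[0-9a-f]+\s+<([^>+]+)(?:\+\d+)?>:\s+(.+)$", session, re.M
    )
    if not insn:
        raise ValueError("no 'x/i $rip' line found in transcript")
    func, text = insn.group(1), insn.group(2).strip()

    # Memory operand of the form disp(%base); index/scale forms are not handled.
    mem = re.search(r"(-?(?:0x)?[0-9a-f]*)\(%(\w+)\)", text)
    if not mem:
        return {"function": func, "verdict": "unknown", "address": None}
    disp = int(mem.group(1), 0) if mem.group(1) not in ("", "-") else 0
    base = mem.group(2)

    # Register value as printed by 'info registers <reg>'.
    reg = re.search(rf"^{base}\s+(0x[0-9a-f]+)", session, re.M)
    if not reg:
        return {"function": func, "verdict": "unknown", "address": None}

    addr = (int(reg.group(1), 16) + disp) & 0xFFFFFFFFFFFFFFFF
    verdict = "null-dereference" if addr < NULL_PAGE_LIMIT else "non-null-address"
    return {"function": func, "verdict": verdict, "address": addr, "base": base}


if __name__ == "__main__":
    print(triage(GDB_SESSION))
```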