Bug 1649200
| Summary: | There is an illegal address access at fromsixel.c:586 (function:sixel_decode_raw_impl) in libsixel latest version that will cause serious impact. | ||||||
|---|---|---|---|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | shuitao gan <ganshuitao> | ||||
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> | ||||
| Status: | CLOSED NOTABUG | QA Contact: | |||||
| Severity: | urgent | Docs Contact: | |||||
| Priority: | unspecified | ||||||
| Version: | unspecified | ||||||
| Target Milestone: | --- | ||||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | All | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | Environment: | ||||||
| Last Closed: | 2018-11-13 14:44:50 UTC | Type: | Bug | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Attachments: |
|
||||||
Hello, Red Hat does not ship libsixel in any of our supported products. Please, report these issues upstream at: https://github.com/saitoha/libsixel/issues Thanks! |
Created attachment 1505141 [details] ./img2sixel POC3 version: libsixel latest version(v1.8.2) Summary: There is an illegal address access at fromsixel.c:586 (function:sixel_decode_raw_impl) in libsixel latest version that will cause serious impact. Description: The asan debug is as follows: $./img2sixel POC3 ================================================================= ================================================================= ==626==ERROR: AddressSanitizer: SEGV on unknown address 0x610fe38ed6c0 (pc 0x7f0377c8e2f7 bp 0x000000000003 sp 0x7fffa39b5cd0 T0) #0 0x7f0377c8e2f6 in sixel_decode_raw_impl /home/company/real_sanitize/libsixel-master/src/fromsixel.c:586 #1 0x7f0377c8e8b1 in sixel_decode_raw /home/company/real_sanitize/libsixel-master/src/fromsixel.c:881 #2 0x7f0377cc042c in load_sixel /home/company/real_sanitize/libsixel-master/src/loader.c:613 #3 0x7f0377cc042c in load_with_builtin /home/company/real_sanitize/libsixel-master/src/loader.c:782 #4 0x7f0377cc43d9 in sixel_helper_load_image_file /home/company/real_sanitize/libsixel-master/src/loader.c:1352 #5 0x7f0377ccf283 in sixel_encoder_encode /home/company/real_sanitize/libsixel-master/src/encoder.c:1737 #6 0x4017f8 in main /home/company/real_sanitize/libsixel-master/converters/img2sixel.c:457 #7 0x7f0377688a3f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x20a3f) #8 0x401918 in _start (/home/company/real_sanitize/poc_check/libsixel/img2sixel+0x401918) AddressSanitizer can not provide additional info. SUMMARY: AddressSanitizer: SEGV /home/company/real_sanitize/libsixel-master/src/fromsixel.c:586 sixel_decode_raw_impl ==626==ABORTING