Bug#887584: Constructing a special file can cause libfreeimage3 to crash
wang yan
smilebugs at outlook.com
Thu Jan 18 07:29:39 UTC 2018
Subject: Constructing a special file can cause libfreeimage3 to crash
Package: libfreeimage3
Version: 3.17.0+ds1-5
Tags: upstream
Severity: important
-- System Information:
Debian Release: 9.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.9.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.utf8, LC_CTYPE=en_US.utf8 (charmap=UTF-8), LANGUAGE=en_US.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages libfreeimage3 depends on:
ii libc6 2.24-11+deb9u1
ii libgcc1 1:6.3.0-18
ii libilmbase12 2.2.0-12
ii libjpeg62-turbo 1:1.5.1-2
ii libjxr0 1.1-6+b1
ii libopenexr22 2.2.0-11+b1
ii libopenjp2-7 2.1.2-1.1+deb9u2
ii libpng16-16 1.6.28-1
ii libraw15 0.17.2-6+deb9u1
ii libstdc++6 6.3.0-18
ii libtiff5 4.0.8-2+deb9u1
ii libwebp6 0.5.2-1
ii libwebpmux2 0.5.2-1
ii zlib1g 1:1.2.8.dfsg-5
root at debian:~/Desktop# dpkg --list libfreeimage3
Desired=Unknown/Install/Remove/Purge/Hold
| Status=Not/Inst/Conf-files/Unpacked/halF-conf/Half-inst/trig-aWait/Trig-pend
|/ Err?=(none)/Reinst-required (Status,Err: uppercase=bad)
||/ Name Version Architecture Description
+++-==============-============-============-=================================
ii libfreeimage3: 3.17.0+ds1-5 amd64 Support library for graphics imag
root at debian:/opt# ls
FreeImage_Fuzzer.c
root at debian:/opt# g++ FreeImage_Fuzzer.c /usr/lib/x86_64-linux-gnu/libfreeimage-3.17.0.so -o FreeImage_Fuzz
root at debian:/opt# ./FreeImage_Fuzz id_000196,sig_11,src_002098,op_flip1,pos_2
Segmentation fault
root at debian:/opt#
This DoS is suitable for all FreeImage applications.
Reference link:
https://sourceforge.net/projects/freeimage/
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: FreeImage_Fuzzer.c
URL: <http://lists.alioth.debian.org/pipermail/debian-science-maintainers/attachments/20180118/56c5ebd2/attachment.c>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: id_000196,sig_11,src_002098,op_flip1,pos_2
Type: application/octet-stream
Size: 20 bytes
Desc: id_000196,sig_11,src_002098,op_flip1,pos_2
URL: <http://lists.alioth.debian.org/pipermail/debian-science-maintainers/attachments/20180118/56c5ebd2/attachment.obj>