Comments (2)
Hi, SEU-SSL
I used your poc but didn't trigger any bug.
Here's my output:
```
./jpeg ./poc2 /dev/null
jpeg Copyright (C) 2012-2018 Thomas Richter, University of Stuttgart
and Accusoft
For license conditions, see README.license for details.
*** Warning -1038 in Tables::ParseTables, line 1399, file tables.cpp
*** Reason is: found invalid marker, probably a marker size is out of range
*** Warning -1038 in Frame::StartParseHiddenScan, line 875, file frame.cpp
*** Reason is: Start of Scan SOS marker missing
*** Warning -1038 in Frame::ParseTrailer, line 1091, file frame.cpp
*** Reason is: missing an EOI marker at the end of the stream
*** Warning -1038 in Image::ParseTrailer, line 1468, file image.cpp
*** Reason is: expecting an EOI marker at the end of the stream
0 bytes memory not yet released.
15337 bytes maximal required.
84 allocations performed.
```
BTW, I used clang 6.0 to compile this library. Maybe this error is related to the compiler environment?
Hello, I guess this issue is fixed by this commit db33a6e
Perhaps you can try to reproduce the vulnerability with an earlier version.