You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
./img2txt POC1
version: libcaca0.99beta19
Summary:
There is an illegal READ memory access at caca/dither.c:1347 (function:get_rgba_default )in libcaca latest version.
Description:
The asan debug is as follows:
$./img2txt POC1
=================================================================
==28249==ERROR: AddressSanitizer: SEGV on unknown address 0x7f88ae6a7004 (pc 0x7f88b2b37857 bp 0x000000000042 sp 0x7ffe82454ed0 T0)
==28249==The signal is caused by a READ memory access.
#0 0x7f88b2b37856 in get_rgba_default /home/company/real/libcaca-master/caca/dither.c:1347
#1 0x7f88b2b3aa16 in caca_dither_bitmap /home/company/real/libcaca-master/caca/dither.c:1009
#2 0x55688cdba96e in main /home/company/real/libcaca-master/src/img2txt.c:210
#3 0x7f88b27581c0 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x211c0)
#4 0x55688cdbaf09 in _start (/home/company/real/libcaca-master/install_asan/bin/img2txt+0x2f09)
AddressSanitizer can not provide additional info.
SUMMARY: AddressSanitizer: SEGV /home/company/real/libcaca-master/caca/dither.c:1347 in get_rgba_default
==28249==ABORTING
Confirmed in f1267fb. Minimized sample CVE-2018-20546.zip with afl-tmin (SHA1: b50dccc3ebb25dd13256fc5e59bed2fcd19cc0e4)
Following vulnerability has been reported to Red Hat issue tracker:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-20546
https://bugzilla.redhat.com/show_bug.cgi?id=1652622
Confirmed in f1267fb. Minimized sample CVE-2018-20546.zip with afl-tmin (SHA1: b50dccc3ebb25dd13256fc5e59bed2fcd19cc0e4)
Compiler optimization might affect results.
The text was updated successfully, but these errors were encountered: