From fabc7926ac82b069018c079cfca439dc81bc8aa8 Mon Sep 17 00:00:00 2001
From: Nguyễn Gia Phong
Date: Thu, 20 Feb 2025 10:53:19 +0900
Subject: Add ASan'ed libjpeg-turbo 2.0.1 for CVE-2018-19664
---
 bugs/README.md | 6 ++++++
 bugs/cve/2018/19664/heap-buffer-overflow-2.jpg | Bin 0 -> 9756 bytes
 2 files changed, 6 insertions(+)
 create mode 100644 bugs/cve/2018/19664/heap-buffer-overflow-2.jpg
(limited to 'bugs')
diff --git a/bugs/README.md b/bugs/README.md
index 6a3ba1c..cc493a5 100644
--- a/bugs/README.md
+++ b/bugs/README.md
@@ -67,6 +67,11 @@
 cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:211_1.bmp
 cjpeg -outfile /dev/null cve/2018/14498/hbo_rdbmp.c:211_2.bmp
 
+- CVE-2018-19664: [heap buffer overflow][libjpeg-turbo-305]
+
+ guix shell libjpeg-turbo@2.0.1
+ djpeg -colors 256 -bmp cve/2018/19664/heap-buffer-overflow-2.jpg
+
 ## libxml2
 
 - CVE-2017-5969: [null pointer derefence][oss-sec-20161105-3]
@@ -86,6 +91,7 @@
 [jasper-67]: https://github.com/jasper-software/jasper/issues/67
 [libarchive-717]: https://github.com/libarchive/libarchive/issues/717
 [libjpeg-turbo-258]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/258
+[libjpeg-turbo-305]: https://github.com/libjpeg-turbo/libjpeg-turbo/issues/305
 [mozjpeg-268]: https://github.com/mozilla/mozjpeg/issues/268
 [oss-sec-20161105-3]: https://www.openwall.com/lists/oss-security/2016/11/05/3
 [redhat-955808]: https://bugzilla.redhat.com/show_bug.cgi?id=955808
diff --git a/bugs/cve/2018/19664/heap-buffer-overflow-2.jpg b/bugs/cve/2018/19664/heap-buffer-overflow-2.jpg
new file mode 100644
index 0000000..dbe6a9f
Binary files /dev/null and b/bugs/cve/2018/19664/heap-buffer-overflow-2.jpg differ
-- 
cgit 1.4.1