chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file. in hpjansson/chafa

Valid

Reported on

Apr 20th 2022


Steps to reproduce the issue

git clone https://github.com/hpjansson/chafa.git

cd chafa

export CFLAGS="-g -O0" export CXXFLAGS="-g -O0" ./autogen.sh ./configure --disable-shared

make

./tools/chafa/chafa ./poc.gif

gdb --args ./tools/chafa/chafa ./poc.gif

https://github.com/JieyongMa/poc/raw/main/gdb.jpg

Proof of Concept

https://github.com/JieyongMa/poc/raw/main/poc.gif

Impact

chafa: NULL Pointer Dereference in function gif_internal_decode_frame at libnsgif.c:599 allows attackers to cause a denial of service (crash) via a crafted input file.

We are processing your report and will contact the hpjansson/chafa team within 24 hours. a month ago
We created a GitHub Issue asking the maintainers to create a SECURITY.md a month ago
We have contacted a member of the hpjansson/chafa team and are waiting to hear back a month ago
Hans
a month ago

Maintainer


Hi, thanks for reporting this. I've verified the issue and am working on a fix.

Hans Petter Jansson validated this vulnerability a month ago
TDHX ICS Security has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Hans Petter Jansson confirmed that a fix has been merged on e4b777 a month ago
The fix bounty has been dropped
Jamie Slome
a month ago

Admin


@maintainer - are you happy for us to assign and publish a CVE for this?

Hans
a month ago

Maintainer


Feel free :-) I'm happy to have the support in securing Chafa and the platform more generally, with all it entails.

Jamie Slome
a month ago

Admin


@Hans - amazing!

Feel free to drop our badge on your repository to let your community know they can win bounties for finding and fixing vulnerabilities in your repository!

[![huntr](https://cdn.huntr.dev/huntr_security_badge_mono.svg)](https://huntr.dev)

huntr

Jamie Slome
a month ago

Admin


CVE assigned and published! 🎉

to join this conversation