User Activity

  • Posted a comment on discussion Open Discussion on FreeImage

    1. FreeImage-3.18 LibOpenJpeg/j2k.c file memcpy function Out-of-bounds. An out-of-bounds in line '3643' of the 'j2k_read_ppm_v3' function. The value of 'l_N_ppm' comes from the file read in, and the out-of-bounds occurs when 'l_N_ppm' is greater than the size of p_header_data.
    2. FreeImage-3.18 PluginTIFF.cpp file load function heap overflow vulnerability. When the program reads a tiff file, it will be handed to the Load function of the 'PluginTIFF.cpp' file, but in the '2074' line of the program, when...

  • Posted a comment on discussion BZip2 Questions on bzip2

    A memory leak in line 430 of bzip2recover.c. In the bsOpenReadStream function, the memory pointer is obtained by malloc and finally assigned to bsIn, but since the memory pointer is never freed, a memory leak is eventually caused. When reading some special bz2 files, it will cause the program to crash, as follows. An attacker can cause a denial of service on a target service by uploading or sending a specially constructed bz2 file. Attached is the sample file. In addition, I found that there are many...

  • Posted a comment on discussion Developers on FreeImage

    4. A stack buffer overflow in JXRMeta.c. When reading a special JXR file, the StreamCalcIFDSize function at line 249 of JXRMeta.c repeatedly calls itself due to improper processing of the file, eventually causing the stack to be filled. An attacker can achieve a remote denial of service attack by sending a specially constructed file. The following example is the status of the stack space after the crash is triggered.

  • Modified a comment on discussion Developers on FreeImage

    1. FreeImage-3.18 LibOpenJpeg/j2k.c file memcpy function Out-of-bounds. An out-of-bounds in line '3643' of the 'j2k_read_ppm_v3' function. The value of 'l_N_ppm' comes from the file read in, and the out-of-bounds occurs when 'l_N_ppm' is greater than the size of p_header_data.
    2. FreeImage-3.18 PluginTIFF.cpp file load function heap overflow vulnerability. When the program reads a tiff file, it will be handed to the Load function of the 'PluginTIFF.cpp' file, but in the '2074' line of the program, when...

  • Posted a comment on discussion Developers on FreeImage

    1. FreeImage-3.18 LibOpenJpeg/j2k.c file memcpy function Out-of-bounds. An out-of-bounds in line '3643' of the 'j2k_read_ppm_v3' function. The value of 'l_N_ppm' comes from the file read in, and the out-of-bounds occurs when 'l_N_ppm' is greater than the size of p_header_data.
    2. FreeImage-3.18 PluginTIFF.cpp file load function heap overflow vulnerability. When the program reads a tiff file, it will be handed to the Load function of the 'PluginTIFF.cpp' file, but in the '2074' line of the program, when...


Personal Data

Username:
taolaw
Joined:
2019-05-19 06:40:58
