Package: jhead
Version: 3.04

A heap-buffer-overflow issue was discovered in jhead-3.04 at gpsinfo.c:161.

Please run the following command to reproduce it:

```
./jhead poc
```

Here is the detailed log:

```
$ ./jhead poc
Nonfatal Error : 'poc' Extraneous 10 padding bytes before section E1
Nonfatal Error : 'poc' Illegal value pointer for tag 0100 in Exif
Nonfatal Error : 'poc' Illegal value pointer for tag fe0f in Exif
Nonfatal Error : 'poc' Illegal value pointer for tag 0110 in Exif
=================================================================
==29343==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xb5e03e98 at pc 0x08059e85 bp 0xbffbf488 sp 0xbffbf478
READ of size 1 at 0xb5e03e98 thread T0
    #0 0x8059e84 in ProcessGpsInfo /home/test/afl/jhead-3.04/gpsinfo.c:161
    #1 0x8055a15 in ProcessExifDir /home/test/afl/jhead-3.04/exif.c:866
    #2 0x8056260 in process_EXIF /home/test/afl/jhead-3.04/exif.c:1041
    #3 0x804fdb8 in ReadJpegSections /home/test/afl/jhead-3.04/jpgfile.c:287
    #4 0x8050190 in ReadJpegFile /home/test/afl/jhead-3.04/jpgfile.c:379
    #5 0x804cad9 in ProcessFile /home/test/afl/jhead-3.04/jhead.c:905
    #6 0x8049cfa in main /home/test/afl/jhead-3.04/jhead.c:1756
    #7 0xb77b8636 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18636)
    #8 0x804b65b (/home/test/BinFuzz/jhead+0x804b65b)

AddressSanitizer can not describe address in more detail (wild memory access suspected).
SUMMARY: AddressSanitizer: heap-buffer-overflow /home/test/afl/jhead-3.04/gpsinfo.c:161 ProcessGpsInfo
Shadow bytes around the buggy address:
  0x36bc0780: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc0790: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc07a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc07b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc07c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
=>0x36bc07d0: fa fa fa[fa]fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc07e0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc07f0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc0800: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc0810: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x36bc0820: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Heap right redzone:      fb
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack partial redzone:   f4
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
==29343==ABORTING
```

This issue was raised by binary-security-lab of Sichuan University, for fuzzing research work.
Attachment: poc (binary data)
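The report gives the crash site (a 1-byte read in ProcessGpsInfo while walking the GPS IFD of a fuzzed EXIF block) and ASan's note that the address is a "wild memory access": it lies far from any tracked heap chunk, which is why the shadow dump shows nothing but left-redzone bytes and ASan cannot name the buffer. The report does not say what gpsinfo.c:161 does, so the example below is a generic illustration of how that class of read arises in a TIFF/EXIF IFD walker, not jhead's code and not a claim about its root cause. It is an added example with a constructed little-endian TIFF block; the entry layout (tag, type, count, value-or-offset) follows TIFF 6.0, the tag numbers are only placeholders, and the function names are mine. The weak variant does the common "offset + size > length" test in 32-bit arithmetic, which wraps for a large offset and accepts a pointer outside the block; the safe variant also rejects a wrapping count*width product and an IFD whose entry count does not fit in the buffer.

```c
/*
 * Added example (not jhead's code): resolve where each IFD entry's value
 * lives in a TIFF block, with a weak and a safe bounds check side by side.
 * Builds with: cc -std=c99 -Wall ifd_bounds.c
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define IFD_ENTRY_SIZE 12u

/* Byte width of TIFF field types 1..12 (BYTE, ASCII, SHORT, LONG, ...); index 0 unused. */
static const uint32_t kTypeWidth[13] = {0, 1, 1, 2, 4, 8, 1, 1, 2, 4, 8, 4, 8};

struct value_loc {
    uint16_t tag;
    uint32_t offset;    /* value offset from the start of the TIFF block */
    uint32_t bytes;     /* total value size: count * type width */
    int in_bounds;      /* 1 only if [offset, offset+bytes) lies inside the block */
};

static uint16_t get16le(const unsigned char *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t get32le(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Resolve the 12-byte entry at entry_off. safe == 0: classic 32-bit
 * "offset + bytes > len" test, which wraps for a large offset (the wild
 * read ASan reports would come from dereferencing such a pointer).
 * safe == 1: subtraction-based test that cannot wrap, plus a check on the
 * count * width product.
 */
static struct value_loc resolve_entry(const unsigned char *tiff, uint32_t tiff_len,
                                      uint32_t entry_off, int safe)
{
    const unsigned char *e = tiff + entry_off;
    struct value_loc v = { get16le(e), 0, 0, 0 };
    uint16_t type = get16le(e + 2);
    uint32_t count = get32le(e + 4);

    if (type < 1 || type > 12) return v;                           /* unknown type: reject */
    if (safe && count > UINT32_MAX / kTypeWidth[type]) return v;   /* product would wrap */
    v.bytes = count * kTypeWidth[type];

    if (v.bytes <= 4)
        v.offset = entry_off + 8;          /* value stored inline in the entry */
    else
        v.offset = get32le(e + 8);         /* value stored out of line */

    if (!safe)
        v.in_bounds = (v.offset + v.bytes > tiff_len) ? 0 : 1;                       /* can wrap */
    else
        v.in_bounds = (v.offset > tiff_len || v.bytes > tiff_len - v.offset) ? 0 : 1;
    return v;
}

/* Walk the IFD at ifd_off. Returns entries resolved, or -1 if the directory
 * itself (2-byte count + n * 12-byte entries) does not fit in the block. */
static int walk_ifd(const unsigned char *tiff, uint32_t tiff_len, uint32_t ifd_off,
                    int safe, struct value_loc *out, int max_out)
{
    uint32_t n, i;
    if (ifd_off > tiff_len || tiff_len - ifd_off < 2) return -1;
    n = get16le(tiff + ifd_off);
    if (n > (tiff_len - ifd_off - 2) / IFD_ENTRY_SIZE) return -1;  /* illegally sized directory */
    for (i = 0; i < n && (int)i < max_out; i++)
        out[i] = resolve_entry(tiff, tiff_len, ifd_off + 2 + i * IFD_ENTRY_SIZE, safe);
    return (int)i;
}

/* Constructed sample block: LE header, IFD at 8 with two ASCII entries.
 * Entry 0 holds "N" inline; entry 1 claims 32 bytes at offset 0xFFFFFFF0. */
static const unsigned char kSample[] = {
    'I', 'I', 0x2A, 0x00, 0x08, 0x00, 0x00, 0x00,
    0x02, 0x00,
    0x01, 0x00, 0x02, 0x00, 0x02, 0x00, 0x00, 0x00, 'N', 0x00, 0x00, 0x00,
    0x03, 0x00, 0x02, 0x00, 0x20, 0x00, 0x00, 0x00, 0xF0, 0xFF, 0xFF, 0xFF,
    0x00, 0x00, 0x00, 0x00
};

/* in_bounds verdict for one sample entry under the weak or safe check; -1 if absent. */
int sample_in_bounds(int entry_index, int safe)
{
    struct value_loc locs[4];
    int n = walk_ifd(kSample, (uint32_t)sizeof kSample, 8, safe, locs, 4);
    if (entry_index < 0 || entry_index >= n) return -1;
    return locs[entry_index].in_bounds;
}

/* A block cut to 20 bytes cannot hold two entries: the walker must refuse it. */
int truncated_ifd_is_rejected(void)
{
    struct value_loc locs[4];
    return walk_ifd(kSample, 20, 8, 1, locs, 4) == -1;
}

int main(void)
{
    int i;
    for (i = 0; i < 2; i++)
        printf("entry %d: weak check in_bounds=%d, safe check in_bounds=%d\n",
               i, sample_in_bounds(i, 0), sample_in_bounds(i, 1));
    printf("truncated directory rejected: %d\n", truncated_ifd_is_rejected());
    return 0;
}
```

The weak check reports entry 1 as in bounds because 0xFFFFFFF0 + 32 wraps to 0x10, which is below the 38-byte block length; a parser that then reads tiff + 0xFFFFFFF0 touches memory ASan cannot attribute to any allocation, which matches the "wild memory access suspected" line in the report. The safe check rejects it, and also rejects a directory whose declared entry count exceeds what the buffer can hold.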