Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[CVE-2018-19756] heap-based buffer over-read at stb_image.h (function: stbi__tga_load) #80

Closed
nluedtke opened this issue Dec 27, 2018 · 3 comments
Closed

[CVE-2018-19756] heap-based buffer over-read at stb_image.h (function: stbi__tga_load) #80

nluedtke opened this issue Dec 27, 2018 · 3 comments

Comments

@nluedtke
Copy link

Re-posting this here to make sure you are aware.

https://nvd.nist.gov/vuln/detail/CVE-2018-19756
https://bugzilla.redhat.com/show_bug.cgi?id=1649198
@knok
Copy link
Contributor

knok commented Jul 8, 2019

I can't reproduce it on the following environmnet:
Debian 9
libsixel git master HEAD

% ./converters/img2sixel ../POC0 > /dev/null
making histogram...
1 colors found
Image already has few enough colors (<=256).  Keeping same colors.
tupletable size: 1
% echo $?
0

@knok
Copy link
Contributor

knok commented Jul 8, 2019

Sorry, I can reploduced with -fsanitizer=address.

@knok knok mentioned this issue Jul 8, 2019
Merged
@saitoha
Copy link
Owner

saitoha commented Dec 17, 2019

@nluedtke @knok Fix for this problem #93 is merged into v1.8.3. Thanks to your great efforts.

@saitoha saitoha closed this as completed Dec 17, 2019
@mend-bolt-for-github mend-bolt-for-github bot mentioned this issue Jul 7, 2020
Closed
This was referenced Apr 8, 2021
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@knok @saitoha @nluedtke