[Secure-testing-team] Bug#768369: [libjpeg62-turbo] [DOS] Stack smashing

bastien ROUCARIES roucaries.bastien+debian at gmail.com
Thu Nov 6 22:19:16 UTC 2014


Package: libjpeg62-turbo
Version: 1:1.3.1-10
Severity: serious
Tags: security
X-Debbugs-CC: secure-testing-team at lists.alioth.debian.org
control: affects -1 imagemagick

Specially crafted JPEG files lead to stack smashing and to at least a DoS (maybe remote due to imagick).

Source files are here: http://tapani.tarvainen.info/linux/convertbug/

I am going to ask for a CVE

Bastien

 LANG=C convert -rotate 270 003632r270.jpg junk.jpg 2>&1 
*** stack smashing detected ***: convert terminated
======= Backtrace: =========
/lib/x86_64-linux-gnu/libc.so.6(+0x7303f)[0x7f03eafad03f]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x37)[0x7f03eb030137]
/lib/x86_64-linux-gnu/libc.so.6(__fortify_fail+0x0)[0x7f03eb030100]
/usr/lib/x86_64-linux-gnu/libjpeg.so.62(+0x11553)[0x7f03e78df553]
/usr/lib/x86_64-linux-gnu/libjpeg.so.62(+0x4717)[0x7f03e78d2717]
/usr/lib/x86_64-linux-gnu/libjpeg.so.62(jpeg_finish_compress+0x96)[0x7f03e78d2006]
/usr/lib/x86_64-linux-gnu/ImageMagick-6.8.9/modules-Q16/coders/jpeg.so(+0x52d0)[0x7f03e7b2a2d0]
/usr/lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.2(WriteImage+0x50c)[0x7f03eb8b21bc]
/usr/lib/x86_64-linux-gnu/libMagickCore-6.Q16.so.2(WriteImages+0x1ea)[0x7f03eb8b287a]
/usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2(ConvertImageCommand+0x2811)[0x7f03eb543c81]
/usr/lib/x86_64-linux-gnu/libMagickWand-6.Q16.so.2(MagickCommandGenesis+0x707)[0x7f03eb5adee7]
convert[0x400887]
/lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xf5)[0x7f03eaf5bb45]
convert[0x4008db]
Abandon


