libsixel icon indicating copy to clipboard operation
libsixel copied to clipboard

Published 20 hours ago verified publisher icon saitoha

Assertion failure in stbi__jpeg_huff_decode, stb_image.h:1894

Open waugustus opened this issue 2 years ago • 3 comments

Description

There is an assertion failure error in stbi__jpeg_huff_decode, stb_image.h:1894. Remote attackers could leverage this vulnerability to cause a denial-of-service via a crafted jpg file.

Version

img2sixel 1.8.6, commit id 6a5be8b72d84037b83a5ea838e17bcf372ab1d5f (Tue Jan 14 02:27:00 2020 +0900)

Reproduction

# img2sixel poc -o /tmp/foo
img2sixel: stb_image.h:1894: stbi__jpeg_huff_decode: Assertion `(((j->code_buffer) >> (32 - h->size[c])) & stbi__bmask[h->size[c]]) == h->code[c]' failed.
Aborted (core dumped)

poc.zip

Platfrom

# uname -a
Linux 4a409ce47130 5.4.0-70-generic #78~18.04.1-Ubuntu SMP Sat Mar 20 14:10:07 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux

waugustus avatar Apr 23 '22 16:04 waugustus

Can you report the issue to the new upstream at https://github.com/libsixel/libsixel ?

carnil avatar May 12 '22 10:05 carnil

Can you report the issue to the new upstream at https://github.com/libsixel/libsixel ?

OK, and thank you for your suggestion.

waugustus avatar May 12 '22 13:05 waugustus

CVE-2022-29977 assigned.

waugustus avatar May 17 '22 08:05 waugustus