Package: dmg2img
Version: 1.6.5-1
Severity: important
Tags: security

The attached sample file gets dmg2img into an infinite loop. The sample file is fuzzed with american fuzzy lop <http://lcamtuf.coredump.cx/afl/>. Feel free to contact me in case you need more information. I was unable to find an upstream bug tracker for this software.

28849ff278ed85fcb581578d40f7362b6ce8b72a  denial-of-service.dmg

fd under /proc says:

00037650  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00037660  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00037670  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00037680  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
00037690  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
000376a0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|

Log file says:

Signature: 0x6B6F6C79 (koly)
Version: 0x00000004
HeaderSize: 0x00000200
Flags: 0x00000001
RunningDataForkOffset: 0x0000000000000000
DataForkOffset: 0x0000000000000000
DataForkLength: 0x000000000000469C
RsrcForkOffset: 0x0000000000000000
RsrcForkLength: 0x0000000000000000
SegmentNumber: 0x00000000
SegmentCount: 0x00000000
SegmentID: 0x00000000000000000000000000000000
DataForkChecksumType: 0x00000000
DataForkChecksum: 0x00000000
XMLOffset: 0x000000000000469C
XMLLength: 0x0000000000001E3C
MasterChecksumType: 0x00000002 CRC-32
MasterChecksum: 0xEA52F304
ImageVariant: 0x00000001
SectorCount: 0x0000000000004BD1

run.....   ..type.... ..reserved ..sectorStart..... ..sectorCount..... ..compOffset...... ..compLength......
0x00000000 0x00000140 0x000002C0 0x0000000000000000 0x0000000000000040 0x000000000005C300 0x00000000000007FF
0x00000001 0xFFFFFFC0 0x00000000 0x0000000000000040 0x0000000000000000 0x0000000000000000 0x0000000000004141
0x00000002 0x41414141 0x41414141 0x0041414141414141 0x0041424141414141 0x4141414677774141 0x4141414141414148
0x00000003 0x2F2F2F2F 0x2F384141 0x0041414141414141 0x0041414141454141 0x4141414141414141 0x4141414141414141
0x00000004 0x41414141 0x41414141 0x0041414141413D00 0x0041414141414541 0x414141410A090909 0x0941414141414141
0x00000005 0x41414141 0x41414141 0x0041414141414141 0x004141413D0A0909 0x0909000000000000 0x0000000011190000
0x00000006 0x00000000 0x00000000 0x0000000000000000 0x0000000000000000 0x0000004000000000 0x0005C30000000000 zero
0x00000007 0x000007FF 0xFFFFFFC0 0x0000000000000000 0x0000004000000000 0x0000000000000000 0x0000000000000000
0x00000008 0x00004141 0x41414141 0x0041414141414141 0x0041414141414241 0x4141414141414146 0x7777414141414141
0x00000009 0x41414148 0x2F2F2F2F 0x0038414141414141 0x0041414141414141 0x4145414141414141 0x4141414141414141
0x0000000A 0x41414141 0x41414141 0x0041414141414141 0x00413D0041414141 0x4141454141414141 0x0A09090909414141
0x0000000B 0x41414141 0x41414141 0x0041414141414141 0x0041414141414141 0x3D0A090909090000 0x0000000000000000
0x0000000C 0x11190000 0x00000000 0x0000000000000000 0x0000000000000000 0x0000000000000040 0x000000000005C300
0x0000000D 0x00000000 0x000007FF 0x007FFFC000000000 0x0000000000000040 0x0000000000000000 0x0000000000000000 zero
0x0000000E 0x00000000 0x00004141 0x0041414141414141 0x0041414141414141 0x4141424141414141 0x4141414677774141 zero

-- 
Henri Salo

denial-of-service.dmg
Description: application/apple-diskimage