https://bugs.kde.org/show_bug.cgi?id=498368
Bug ID: 498368
Summary: ANI plugin DoS vulnerability
Classification: Frameworks and Libraries
Product: frameworks-kimageformats
Version: 6.9.0
Platform: Compiled Sources
OS: All
Status: REPORTED
Severity: grave
Priority: NOR
Component: general
Assignee: [email protected]
Reporter: [email protected]
CC: [email protected], [email protected]
Target Milestone: ---
- chunkSizeData is read here:
https://github.com/KDE/kimageformats/blob/c97ee00f5e8c0c1caf836fa68416157b1a153e3a/src/imageformats/ani.cpp#L353
- converted to uint32 here:
https://github.com/KDE/kimageformats/blob/c97ee00f5e8c0c1caf836fa68416157b1a153e3a/src/imageformats/ani.cpp#L357
- used as argument to read here:
https://github.com/KDE/kimageformats/blob/c97ee00f5e8c0c1caf836fa68416157b1a153e3a/src/imageformats/ani.cpp#L379
Resulting in an unbounded read (bounded only by UINT32_MAX), because
QIODevice::read will resize its byte array to the passed value here:
https://github.com/qt/qtbase/blob/403a47cfd571c9954e91234084c6994901939326/src/corelib/io/qiodevice.cpp#L1213.
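The missing bound described in the report, as an added example that is not code from the report or from kimageformats: a RIFF-style chunk reader that checks the declared size against a cap and against the bytes actually present before it allocates anything. `readChunkBounded`, `kMaxChunkSize`, the 16 MiB cap and both byte strings are assumptions constructed for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <string>
#include <vector>

// Hypothetical cap on one chunk; choose a value that fits the format's real payloads.
constexpr std::uint32_t kMaxChunkSize = 16u * 1024u * 1024u;

struct Chunk {
    std::string id;                  // four-character chunk id
    std::vector<std::uint8_t> data;  // payload, exactly the declared size
};

// Parses one RIFF-style chunk (4-byte id, 4-byte little-endian size, payload) at `pos`.
// Returns false without allocating when the header is truncated or the declared size
// exceeds the cap or the bytes left in the input; `pos` is only advanced on success.
bool readChunkBounded(const std::vector<std::uint8_t> &in, std::size_t &pos, Chunk &out)
{
    if (pos > in.size() || in.size() - pos < 8)
        return false;
    const std::uint8_t *p = in.data() + pos;
    const std::uint32_t size = std::uint32_t(p[4]) | std::uint32_t(p[5]) << 8
                             | std::uint32_t(p[6]) << 16 | std::uint32_t(p[7]) << 24;
    const std::size_t remaining = in.size() - pos - 8;
    if (size > kMaxChunkSize || size > remaining)
        return false;                // size field is untrusted input: reject before allocating
    out.id.assign(reinterpret_cast<const char *>(p), 4);
    out.data.assign(p + 8, p + 8 + size);
    pos += 8 + size + (size & 1u);   // RIFF pads chunks to an even length
    return true;
}

// Constructed sample: chunk declaring 0xFFFFFFFF bytes while only 4 payload bytes exist.
std::vector<std::uint8_t> hostileSample() { return {'a','n','i','h', 0xFF,0xFF,0xFF,0xFF, 1,2,3,4}; }
// Constructed sample: well-formed 3-byte chunk followed by its pad byte.
std::vector<std::uint8_t> validSample() { return {'s','e','q',' ', 3,0,0,0, 7,8,9,0}; }

int main()
{
    Chunk c;
    std::size_t pos = 0;
    std::printf("hostile accepted: %d\n", readChunkBounded(hostileSample(), pos, c));
    pos = 0;
    std::printf("valid accepted: %d\n", readChunkBounded(validSample(), pos, c));
    return 0;
}
```

In Qt code the remaining-bytes figure would come from the device, for example `QIODevice::bytesAvailable()`, checked before the size is passed to `read()`.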