Package: futatabi
Severity: normal
X-Debbugs-Cc: kangwoos...@gmail.com

Dear Maintainer,

I found a potential integer overflow vulnerability in util.cpp. At lines 14 to 15, the program reads the values of 'width' and 'height' using fread. Since there is no bound checking, a maliciously crafted input file may cause an integer overflow. This then leads to a small buffer allocation, which may cause buggy behavior.

    14 fread(&width, sizeof(width), 1, flowfp);
    15 fread(&height, sizeof(height), 1, flowfp);
    16
    17 unique_ptr<Vec2[]> flow(new Vec2[width * height]);

Thank you.

-- System Information:
Debian Release: bookworm/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 5.10.16.3-microsoft-standard-WSL2 (SMP w/8 CPU threads)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/dash
Init: unable to detect

Versions of packages futatabi depends on:
pn  libasound2        <none>
pn  libavcodec58      <none>
pn  libavformat58     <none>
pn  libavutil56       <none>
ii  libc6             2.31-17
ii  libepoxy0         1.5.8-1
ii  libgcc-s1         11.2.0-3
ii  libjpeg62-turbo   1:2.0.6-4
pn  libmicrohttpd12   <none>
pn  libmovit8         <none>
pn  libprotobuf23     <none>
ii  libqt5core5a      5.15.2+dfsg-10
ii  libqt5gui5        5.15.2+dfsg-10
ii  libqt5network5    5.15.2+dfsg-10
pn  libqt5opengl5     <none>
ii  libqt5widgets5    5.15.2+dfsg-10
ii  libsqlite3-0      3.36.0-2
ii  libstdc++6        11.2.0-3
pn  libswscale5       <none>
pn  libva-drm2        <none>
pn  libva-x11-2       <none>
pn  libva2            <none>
ii  libx11-6          2:1.7.2-1

futatabi recommends no packages.

futatabi suggests no packages.
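
One way to add the bound check the report above asks for, as an added example that is not part of the original report and is not futatabi's own code. It assumes width and height are 32-bit unsigned values and that Vec2 holds two floats; kMaxDim, checked_flow_elems and read_flow_body are hypothetical names.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <memory>
#include <new>

struct Vec2 { float du, dv; };  // assumed layout: two floats per pixel

// Hypothetical upper bound on either dimension; choose one that fits the application.
constexpr uint32_t kMaxDim = 16384;

// Validates the dimensions and stores the element count in *elems.
// Returns false when the values are out of range or the size would overflow.
bool checked_flow_elems(uint32_t width, uint32_t height, size_t *elems)
{
	if (width == 0 || height == 0 || width > kMaxDim || height > kMaxDim)
		return false;
	// Widen before multiplying so the product is never computed in 32 bits.
	uint64_t n = uint64_t(width) * height;
	// The byte count passed to the allocator must also fit in size_t.
	if (n > std::numeric_limits<size_t>::max() / sizeof(Vec2))
		return false;
	*elems = size_t(n);
	return true;
}

// Reads width, height and the pixel data from an open stream.
// Returns nullptr on a short read, bad dimensions or allocation failure.
std::unique_ptr<Vec2[]> read_flow_body(FILE *fp, uint32_t *width, uint32_t *height)
{
	size_t elems;
	if (fread(width, sizeof(*width), 1, fp) != 1 ||
	    fread(height, sizeof(*height), 1, fp) != 1 ||
	    !checked_flow_elems(*width, *height, &elems))
		return nullptr;
	std::unique_ptr<Vec2[]> flow(new (std::nothrow) Vec2[elems]);
	if (!flow || fread(flow.get(), sizeof(Vec2), elems, fp) != elems)
		return nullptr;
	return flow;
}
```

Checking the fread return values also rejects truncated files, so the dimensions are never used uninitialized.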