Package: libimlib2
Version: 1.4.8-1
Tags: security
imlib2 crashes when loading the attached file:
$ debian/tmp/usr/bin/imlib2_conv invalid-free.argb /dev/null
*** Error in `debian/tmp/usr/bin/imlib2_conv': double free or corruption
(out): 0x565ff220 ***
Valgrind says it's an invalid free():
Invalid free() / delete / delete[] / realloc()
at 0x482F438: free (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
by 0x5311A67: load (loader_argb.c:86)
by 0x4860B16: imlib_save_image (api.c:4606)
by 0x108939: main (imlib2_conv.c:76)
Address 0x4dd4818 is 8 bytes inside a block of size 16 alloc'd
at 0x482E27C: malloc (in
/usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
by 0x5311987: load (loader_argb.c:62)
by 0x4860B16: imlib_save_image (api.c:4606)
by 0x108939: main (imlib2_conv.c:76)
Found using american fuzzy lop:
http://lcamtuf.coredump.cx/afl/
-- System Information:
Architecture: i386
Versions of packages libimlib2 depends on:
ii libbz2-1.0 1.0.6-8.1
ii libc6 2.24-12
ii libfreetype6 2.8-0.2
ii libgif7 5.1.4-0.4
ii libid3tag0 0.15.1b-12
ii libjpeg62-turbo 1:1.5.1-2
ii libpng16-16 1.6.30-2
ii libtiff5 4.0.8-3
ii libx11-6 2:1.6.4-3
ii libxext6 2:1.3.3-1+b2
ii zlib1g 1:1.2.8.dfsg-5
--
Jakub Wilk
ARGB 2 2
00000000
