CVE-2018-10753: stack-buffer-overflow music.c:5085 in delayed_output(float indent) · Issue #16 · lewdlime/abcm2ps

Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.


https://drive.google.com/open?id=1DvBEh5D-eW4UkvX3947UQh62i7hUIFN1

(gdb) set args POC
(gdb) r
abcm2ps-8.13.20 (2018-02-21)
File POC
POC:3:2: error: Bad character
3 |2ÿÿdÿ&e,d_d&ddªB-ÿ2ÿ
^
POC:3:3: error: Bad character
3 |2ÿÿdÿ&e,d_d&ddªB-ÿ2ÿ
.
.
.
POC:3:15: error: Wrong duration in voice overlay
POC:4:0: error: Bad character 'k'
POC:4:0: error: Note too much dotted
POC:5:0: error: Bad character 'N'
POC:5:0: error: Bad character 'N'
POC:6:1: error: Wrong duration in voice overlay
POC:6:3: error: No note in voice overlay
POC:6:3: error: Bad character 'K'
POC:6:3: error: Bad character 't'
POC:6:3: error: Wrong duration in voice overlay
POC:6:6: error: !slide! must be on a note or a rest
POC:6:27: warning: Line underfull (256pt of 682pt)

Program received signal SIGSEGV, Segmentation fault.
GI_getenv (name=0x7ffff6a14b8e "BC_FATAL_STDERR", name@entry=0x7ffff6a14b8c "LIBC_FATAL_STDERR")
at getenv.c:84
84 getenv.c: No such file or directory.
(gdb) bt
#0 0x00007ffff68c081d in GI_getenv (name=0x7ffff6a14b8e "BC_FATAL_STDERR",
name@entry=0x7ffff6a14b8c "LIBC_FATAL_STDERR") at getenv.c:84
#1 0x00007ffff68c0f02 in _GI___libc_secure_getenv (name=name@entry=0x7ffff6a14b8c "LIBC_FATAL_STDERR")
at secure-getenv.c:29
#2 0x00007ffff68fe55a in __libc_message (do_abort=do_abort@entry=1, fmt=fmt@entry=0x7ffff6a1649f "*** %s ***: %s terminated\n") at …/sysdeps/posix/libc_fatal.c:80
#3 0x00007ffff69a015c in __GI___fortify_fail (msg=,
msg@entry=0x7ffff6a16481 "stack smashing detected") at fortify_fail.c:37
#4 0x00007ffff69a0100 in __stack_chk_fail () at stack_chk_fail.c:28
#5 0x0000000000507f45 in delayed_output (indent=) at music.c:5085
