header-logo
Suggest Exploit
vendor:
N/A
by:
Exploit Database
4.3
CVSS
MEDIUM
Information Leak
200
CWE
Product Name: N/A
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: N/A
2020

Image Inflation Info Leak

This vulnerability allows an attacker to cause an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels. To reproduce, put the attached images on a webserver and vist: http://127.0.0.1?img=inflate.png.

Mitigation:

The best way to mitigate this vulnerability is to ensure that all images are properly validated before being rendered.
Source

Exploit-DB raw data:

The attached image causes an info leak in image inflation. It occasionally crashes when rendered, otherwise it displays uninitialized memory as pixels.

To reproduce, put the attached images on a webserver and vist: http://127.0.0.1?img=inflate.png.


Proof of Concept:
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/44528.zip

Navigation

Suggest Exploit

Services By CQR