Test case 153072

Type: source code
State: bad
Author: IARPA STONESOUP Test and Evaluation team
Status: candidate
Language: C
Application: cpe:2.3:a:gimp:gimp:2.8.8:*:*:*:*:*:*:*
Submission Date: 06 Oct 2015

Description

This test case implements an unchecked write into a buffer that is contained within stack-allocated struct. The struct contains a function pointer, a fixed-size buffer, and another function pointer. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, resulting in a buffer overflow. The overflow will destroy one of the function pointers either side of the buffer. The weakness then accesses those pointers, resulting in a crash or execution of attacker-specified code.
Metadata
- Base program: Gimp
- Source Taint: ENVIRONMENT_VARIABLE
- Data Type: UNION
- Data Flow: ADDRESS_AS_CONSTANT
- Control Flow: POINTER_TO_FUNCTION

Flaws

CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

Test Suites

Documentation

Have any comments on this test case? Please, send us an email.