Description
This test case implements an unchecked write into a buffer is contained within a heap-allocated struct. The struct contains a function pointer, a fixed-size buffer, and another function pointer. Untrusted input is not properly sanitized or restricted before being copied into the target buffer, resulting in a buffer overflow. The overflow will destroy one of the function pointers either side of the buffer. The weakness then accesses those pointers, resulting in a crash or execution of attacker-specified code.
Metadata
- Base program: Gimp
- Source Taint: SHARED_MEMORY
- Data Type: HEAP_POINTER
- Data Flow: VAR_ARG_LIST
- Control Flow: INFINITE_LOOP
Flaws
Test Suites
Gimp 2.8.8
IARPA STONESOUP Phase 3 - Test Cases
Documentation
Have any comments on this test case? Please, send us an email.