MrNanko webp4j Integer Overflow Vulnerability in GIF Decoder Function
Vulnerability
A heap buffer overflow vulnerability has been identified in the MrNanko webp4j library, specifically in versions up to 1.3.x. The issue arises in the GIF decoding function 'DecodeGifFromMemory', located in 'src/main/c/gif_decoder.c'. The vulnerability is caused by improper handling of the 'canvas_height' parameter, leading to an integer overflow. This flaw allows for a remote denial-of-service attack and potentially facilitates remote code execution.
Impact
Exploitation of this vulnerability causes a heap buffer overflow, where 8.5GB of data is written to a buffer that can only hold 18KB. This overflow corrupts memory, leading to a segmentation fault and crashing the Java Virtual Machine. The vulnerability also carries a risk of remote code execution.
Reproduction
The vulnerability can be reproduced by uploading a specially crafted GIF file that exploits the integer overflow in the 'DecodeGifFromMemory' function. This can be done through an HTTP POST request to an endpoint that processes GIF uploads and converts them to WebP.
Remediation
Users are advised to update to webp4j version 2.1.1, where this vulnerability has been fixed.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.