The vulnerability, CVE-2024-57823, is an integer underflow in raptor_uri_normalize_path within src/raptor_rfc2396.c. It occurs during URI normalization, particularly when triggered by the Turtle parser. This is stated explicitly in the vulnerability description and confirmed by multiple sources, including the Debian bug report (#1067896), the GitHub issue (#70), and a LibreOffice commit patching the issue.
The primary vulnerable function is raptor_uri_normalize_path. The evidence is the patch itself, which makes the path length consistency checks in this function unconditional; previously they were compiled only into debug builds. Had these checks been active, they would have caught the integer underflow. Their conditional nature in prior versions is the root cause of release builds being vulnerable.
The function raptor_uri_resolve_uri_reference is also listed because it directly consumes the underflowed path length from raptor_uri_normalize_path and uses it in a memcpy operation, which is the site of the crash (e.g., memcpy with a negative size parameter). The ASAN stack trace and the detailed explanation in the bug reports confirm its role in the manifestation of the vulnerability. Both functions would appear in a runtime profile during exploitation: raptor_uri_normalize_path is where the underflow occurs, and raptor_uri_resolve_uri_reference is where the underflowed value leads to memory corruption.
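
The defensive pattern described above, as an added C example that is not raptor's code: a length-tracking normalizer whose consistency checks run in every build, and a consumer that calls memcpy only with a validated length. The names cut, normalize_path and copy_normalized are hypothetical, and the normalizer is deliberately narrowed to interior "/./" and "seg/../" sequences.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical helpers, not raptor's code. cut() removes n bytes at off and
 * refuses the edit rather than let the tracked length wrap below zero. */
static int cut(char *p, size_t *len, size_t off, size_t n)
{
  if (off > *len || n > *len - off)
    return -1;
  memmove(p + off, p + off + n, *len - off - n + 1); /* +1 moves the NUL */
  *len -= n;
  return 0;
}

/* Collapse interior "/./" and "seg/../" in place, tracking len arithmetically.
 * Returns 0 and sets *out_len, or -1 on any length inconsistency. */
int normalize_path(char *path, size_t len, size_t *out_len)
{
  char *s, *from = path;
  if (len != strlen(path))            /* claimed length must match buffer */
    return -1;
  while ((s = strstr(path, "/./")) != NULL)
    if (cut(path, &len, (size_t)(s - path), 2) != 0)
      return -1;
  while ((s = strstr(from, "/../")) != NULL) {
    char *q = s;                      /* walk back to start of prior segment */
    while (q > path && q[-1] != '/')
      q--;
    if (s - q == 2 && q[0] == '.' && q[1] == '.') {
      from = s + 3;                   /* "../.." cannot cancel; skip it */
      continue;
    }
    size_t n = (size_t)(s - q) + (s == path ? 3 : 4);
    if (cut(path, &len, (size_t)(q - path), n) != 0)
      return -1;
    from = path;                      /* buffer changed; rescan */
  }
  if (len != strlen(path))            /* unconditional, not debug-only */
    return -1;
  *out_len = len;
  return 0;
}

/* Consumer: memcpy only a length validated against source and destination. */
int copy_normalized(char *dst, size_t dst_size, char *path, size_t len)
{
  size_t n;
  if (normalize_path(path, len, &n) != 0 || n >= dst_size)
    return -1;
  memcpy(dst, path, n + 1);           /* n + 1 includes the NUL */
  return (int)n;
}
```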