oss-sec mailing list archives
Re: CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 22 Apr 2013 11:43:31 -0600
On 04/22/2013 05:01 AM, Agostino Sarubbo wrote:
From the secunia advisory SA53114[1]:

Description
A vulnerability has been reported in libxmp, which can be exploited by malicious people to compromise an application using the library.

The vulnerability is caused due to a boundary error in the "get_dsmp"() function (src/loaders/masi_load.c) when parsing MASI files, which can be exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 4.1.0.

Solution
Update to version 4.1.0.

Provided and/or discovered by
The vendor credits Douglas Carmichael.

Original Advisory
http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view

Commit:
http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40/

[1]: https://secunia.com/advisories/53114/

Please use CVE-2013-1980 for this issue.

-- 
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993