oss-sec mailing list archives

Re: CVE Request: arj: free on invalid pointer due to buffer overflow


From: cve-assign () mitre org
Date: Sun, 29 Mar 2015 02:21:48 -0400 (EDT)

Jakub Wilk reported arj crashing on an ARJ file in [1]. Guillem Jover
pointed out that the invalid pointer is due to a buffer overflow write
access initiated by a value which is under user control, see [2]. He
prepared as well a patch for this issue [3]. Could you assign a CVE for
this issue?

 [1] https://bugs.debian.org/774015
 [2] https://bugs.debian.org/774015#11
 [3] http://git.hadrons.org/gitweb/?p=debian/pkgs/arj.git;a=blob_plain;f=debian/patches/security-afl.patch

For purposes of determining the number of CVE IDs,
https://bugs.debian.org/774015#11 is considered a 2015 vulnerability
announcement, and https://bugs.debian.org/774015#3 is not considered a
vulnerability announcement at all.

(There was another conceivable interpretation in which part of
security-afl.patch fixed an issue discovered by Jakub Wilk in 2014,
and another part of security-afl.patch fixed a second similar issue
discovered by Guillem Jover in 2015, with two CVEs. We aren't doing
that here.)

Use CVE-2015-2782.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]

