oss-sec mailing list archives
Re: Possible CVE Requests: libmspack: several issues
From: Moritz Mühlenhoff <jmm () inutil org>
Date: Sun, 22 Feb 2015 19:55:55 +0100
On Tue, Feb 03, 2015 at 04:52:05PM +0100, Salvatore Bonaccorso wrote:
Hi Several issues with the libmspack library were reported recently in the Debian bugtracker by Jakub Wilk. An (older) copy of libmspack is also embedded in ClamAV (not verified if this version is also affected by these issues). The reported bugs are the following: null pointer dereference on a crafted CAB: - https://bugs.debian.org/774665 CHM decompression: division by zero - https://bugs.debian.org/774725 CHM decompression: pointer arithmetic overflow - https://bugs.debian.org/774726 off-by-one buffer over-read in mspack/mszipd.c - https://bugs.debian.org/775498 off-by-one buffer under-read in mspack/lzxd.c - https://bugs.debian.org/775499 CHM decompression: another pointer arithmetic overflow - https://bugs.debian.org/775687 Could CVEs be assigned for these issues?
This seems to have fallen through the cracks. Cheers, Moritz
Current thread:
- Possible CVE Requests: libmspack: several issues Salvatore Bonaccorso (Feb 03)
- Re: Possible CVE Requests: libmspack: several issues Hanno Böck (Feb 03)
- Re: Possible CVE Requests: libmspack: several issues Moritz Mühlenhoff (Feb 22)
- Re: Possible CVE Requests: libmspack: several issues Salvatore Bonaccorso (Mar 03)