oss-sec mailing list archives

Re: Possible CVE Requests: libmspack: several issues


From: cve-assign () mitre org
Date: Thu, 11 Jun 2015 09:54:26 -0400 (EDT)


null pointer dereference on a crafted CAB:
 - https://bugs.debian.org/774665

Use CVE-2014-9732.


CHM decompression: division by zero
 - https://bugs.debian.org/774725

Use CVE-2015-4467.


CHM decompression: pointer arithmetic overflow
 - https://bugs.debian.org/774726

Relative to the
http://anonscm.debian.org/cgit/collab-maint/libmspack.git/commit/?id=a25bb144795e526748b57884daf365732c7e2295
commit, use CVE-2015-4468 for the issues resolved by
fix-pointer-arithmetic-overflow.patch and use CVE-2015-4469 for the
issue resolved by fix-name-field-boundaries.patch. (Note that these
were originally combined within the diff included in the
https://bugs.debian.org/774726#3 message.) The
fix-name-field-boundaries.patch is about missing input validation and
can't have the same CVE ID as the two cases where the only change was
from a "p + name_len > end" test to a "name_len > end - p" test.


off-by-one buffer over-read in mspack/mszipd.c
 - https://bugs.debian.org/775498

Use CVE-2015-4470.


off-by-one buffer under-read in mspack/lzxd.c
 - https://bugs.debian.org/775499

Use CVE-2015-4471. The vendor notes that the later-problematic code
had been valid before 2006-08-31.


CHM decompression: another pointer arithmetic overflow
 - https://bugs.debian.org/775687

Use CVE-2015-4472.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
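The difference between the "p + name_len > end" and "name_len > end - p" tests quoted in the message, as an added example that is not code from libmspack or from the message above. All function names and values are hypothetical, and addresses are modelled as 32-bit integers so the wrap-around is well defined.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Addresses modelled as uint32_t (assumption: 32-bit address space) so the
 * wrap-around is well defined here instead of undefined pointer overflow. */

/* Form "p + name_len > end": the sum can wrap past zero. Returns 1 = accepted. */
int accepts_sum_form(uint32_t p, uint32_t end, uint32_t name_len)
{
    return !((uint32_t)(p + name_len) > end);
}

/* Form "name_len > end - p": end - p cannot wrap while p <= end. */
int accepts_diff_form(uint32_t p, uint32_t end, uint32_t name_len)
{
    return !(name_len > end - p);
}

/* Same check on real pointers; requires p <= end within one buffer. */
int name_fits(const unsigned char *p, const unsigned char *end, size_t name_len)
{
    return name_len <= (size_t)(end - p);
}

int main(void)
{
    /* Constructed values: 0x100 bytes remain, oversized length field. */
    uint32_t p = 0xFFFFF000u, end = 0xFFFFF100u, len = 0xFFFFFF00u;
    unsigned char buf[8] = {0};

    printf("sum form accepts:  %d\n", accepts_sum_form(p, end, len));
    printf("diff form accepts: %d\n", accepts_diff_form(p, end, len));
    printf("name_fits(6 of 6): %d\n", name_fits(buf + 2, buf + 8, 6));
    printf("name_fits(7 of 6): %d\n", name_fits(buf + 2, buf + 8, 7));
    return 0;
}
```

With the constructed values the sum wraps to 0xFFFFEF00, which is below `end`, so the sum form accepts a length far larger than the 0x100 bytes remaining while the difference form rejects it.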

