oss-sec mailing list archives
CVE Request: MUJS null pointer dereference and Heap buffer overflow write
From: Dileep Kumar <dileep.chinu () gmail com>
Date: Thu, 12 Jan 2017 20:44:12 +0530
Hi, The details of the two bugs found in MUJS (https://github.com/ccxvii/mujs) are as follows : 1. Null pointer dereference in regexp.c The return value from malloc is not properly checked before dereferencing it which can result in a crash. More details on the bug in the bug report at: https://bugs.ghostscript.com/show_bug.cgi?id=697381 This has been fixed by the MUJS team in the commit: http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73 156496e569 2. Heap buffer overflow write in jsrun.c: js_stackoverflow() There was a logical error in the code which can be used to trigger a heap overflow write. More details on the bug in the bug report at: https://bugs.ghostscript.com/show_bug.cgi?id=697401 The same has been fixed by the MUJS team in the commit: http://git.ghostscript.com/?p=mujs.git;a=commit;h= 77ab465f1c394bb77f00966cd950650f3f53cb24 Both bugs are found by Dileep Kumar Jallepalli using AFL. Please kindly assign CVEs if suitable. Thanks, Dileep Kumar Jallepalli
Current thread:
- CVE Request: MUJS null pointer dereference and Heap buffer overflow write Dileep Kumar (Jan 12)
- Re: CVE Request: MUJS null pointer dereference and Heap buffer overflow write cve-assign (Jan 12)