oss-sec mailing list archives
Re: catdoc: out of bounds heap read and nullpointer / segfault
From: Hanno Böck <hanno () hboeck de>
Date: Sun, 25 Nov 2018 15:18:53 +0100
Hi, On Sun, 25 Nov 2018 13:09:12 +0100 Agostino Sarubbo <ago () gentoo org> wrote:
something about catdoc was already reported time ago: https://marc.info/?l=oss-security&m=142627461816744&w=2 I don't know atm if your findings are duplicate or not.
There was a version with fixes inbetween (0.95, may 2016) which says in the changelog "Fixed lot of segfaults on incorrect or corrupted data" [1]. My reports are mainly to have it publicly referenced that it's still not robust. [1] https://www.wagner.pp.ru/~vitus/software/catdoc/changelog.html -- Hanno Böck https://hboeck.de/ mail/jabber: hanno () hboeck de GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
Current thread:
- catdoc: out of bounds heap read and nullpointer / segfault Hanno Böck (Nov 25)
- Re: catdoc: out of bounds heap read and nullpointer / segfault Agostino Sarubbo (Nov 25)
- Re: catdoc: out of bounds heap read and nullpointer / segfault Hanno Böck (Nov 25)
- Re: catdoc: out of bounds heap read and nullpointer / segfault Agostino Sarubbo (Nov 25)