oss-sec mailing list archives

Re: Buffer overflow in antiword 0.37


From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Thu, 4 Dec 2014 16:41:31 +0100

Fabian Keil <freebsd-listen () fabiankeil de> wrote:

> The attached patch prevents a buffer overflow in antiword 0.37
> (http://www.winfield.demon.nl/):
> [...]
> The buffer overflow has been reported upstream and the patch was accepted,
> but apparently there will not be an official antiword release any time soon.
>
> The bug was found with afl-fuzz.

Apparently zzuf found it first, though:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=771768

Fabian
