oss-sec mailing list archives
Re: CVE request: out-of-bounds memory access flaw in unrtf
From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Thu, 4 Dec 2014 20:32:25 +0100
"Vincent Danen" <vdanen () redhat com> wrote:
On 12/03/2014, at 9:57 AM, Michal Zalewski wrote:https://bugzilla.redhat.com/show_bug.cgi?id=1170233>You mixed up Michal and me :-)Possibly in reference to: https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.htmlWow, I was more tired than I thought. I did take the wrong reference and was indeed referring to Michal's mail. I've updated our bug to to note both even though it may require more than one CVE. It seems like quite the mess for an unmaintained package.
Potential fixes: http://www.fabiankeil.de/sourcecode/unrtf-0.21.5-various-fixes.diff The patch set also fixes a use-after-free issue, it probably doesn't need a CVE, though. Fabian
Attachment:
_bin
Description: OpenPGP digital signature
Current thread:
- CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Michal Zalewski (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen (Dec 04)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil (Dec 04)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 04)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil (Dec 05)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 08)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Alexander Cherepanov (Dec 11)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 21)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Michal Zalewski (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 03)