oss-sec mailing list archives

Re: CVE request: out-of-bounds memory access flaw in unrtf

From: Fabian Keil <freebsd-listen () fabiankeil de>
Date: Thu, 4 Dec 2014 20:32:25 +0100

"Vincent Danen" <vdanen () redhat com> wrote:

On 12/03/2014, at 9:57 AM, Michal Zalewski wrote:

https://bugzilla.redhat.com/show_bug.cgi?id=1170233>

You mixed up Michal and me :-)


Possibly in reference to:
https://lists.gnu.org/archive/html/bug-unrtf/2014-11/msg00001.html


Wow, I was more tired than I thought.  I did take the wrong reference 
and was indeed referring to Michal's mail.

I've updated our bug to to note both even though it may require more 
than one CVE.  It seems like quite the mess for an unmaintained package.


Potential fixes:
http://www.fabiankeil.de/sourcecode/unrtf-0.21.5-various-fixes.diff

The patch set also fixes a use-after-free issue, it probably doesn't
need a CVE, though.

Fabian

Attachment: _bin
Description: OpenPGP digital signature

Current thread:

CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen (Dec 03)
- Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 03)
  - Re: CVE request: out-of-bounds memory access flaw in unrtf Michal Zalewski (Dec 03)
    - Re: CVE request: out-of-bounds memory access flaw in unrtf Vincent Danen (Dec 04)
    - Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil (Dec 04)
    - Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 04)
    - Re: CVE request: out-of-bounds memory access flaw in unrtf Fabian Keil (Dec 05)
    - Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 08)
    - Re: CVE request: out-of-bounds memory access flaw in unrtf Alexander Cherepanov (Dec 11)
    - Re: CVE request: out-of-bounds memory access flaw in unrtf Hanno Böck (Dec 21)
- Re: CVE request: out-of-bounds memory access flaw in unrtf cve-assign (Dec 04)