oss-sec mailing list archives
Re: CVE Request: arj: free on invalid pointer due to to buffer overflow
From: cve-assign () mitre org
Date: Sun, 29 Mar 2015 02:21:48 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Jakub Wilk reported arj crashing on a ARJ file in [1]. Guillem Jover pointed out that the invalid pointer is due to a buffer overflow write access initiated by a value which is under user control, see [2]. He prepared as well a patch for this issue[3]. Could assign a CVE for this issue? [1] https://bugs.debian.org/774015 [2] https://bugs.debian.org/774015#11 [3] http://git.hadrons.org/gitweb/?p=debian/pkgs/arj.git;a=blob_plain;f=debian/patches/security-afl.patch
For purposes of determining the number of CVE IDs, https://bugs.debian.org/774015#11 is considered a 2015 vulnerability announcement, and https://bugs.debian.org/774015#3 is not considered a vulnerability announcement at all. (There was another conceivable interpretation in which part of security-afl.patch fixed an issue discovered by Jakub Wilk in 2014, and another part of security-afl.patch fixed a second similar issue discovered by Guillem Jover in 2015, with two CVEs. We aren't doing that here.) Use CVE-2015-2782. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVF5mQAAoJEKllVAevmvmsTmEH/ReeQDQTDs+tTkIjaKluhuwV 0U2+fpmNTkKfkr2Gf8CWaQ891Topc/c+dIEMVmuIJuWMJVdYfJ3V8ifB0n4U8srO Jd4TYqgsWP4xoPBmQtEev5bxPk00/yhnlFv6xUF8Sic2iloLbzEKG+vnBaMCuvxr uUSu5/xOCPZhxwJAYww0FzS1ZrV4D12iDLtEobfpPq9EEdrQdgMa6n/luX7Lrowe tDiJTT2vG8I0ITIi5E7itAFTYqcjmWgQ8pt4qqYEeMdgDCsoTEwJz8k8U+JnrjQC CEVixkXwkY8xxvNzlQE1zArRM6869qWVzCDT2tiTcoMXcPYuDQwAG6VUBGp+XEQ= =+r+1 -----END PGP SIGNATURE-----
Current thread:
- CVE Request: arj: free on invalid pointer due to to buffer overflow Salvatore Bonaccorso (Mar 28)
- Re: CVE Request: arj: free on invalid pointer due to to buffer overflow cve-assign (Mar 28)