oss-sec mailing list archives
CVE Request: libmspack: frame_end overflow which could cause infinite loop
From: Salvatore Bonaccorso <carnil () debian org>
Date: Thu, 1 Jan 2015 14:12:56 +0100
Hi, Jakub Wilk originally reported to the Debian BTS a problem with cabextract on a specially crafted cab file, causing cabextract to hang forever. The problem is actually in the embedded copy of libmspack, see [1]. Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is used in many project (or embedded there like also Clamav). This issue can cause a remotely exploitable denial-of-service condition due to clamav thread hanging forever while scanning the file. A patch is available at [2] for libmspack. Could you please assign a CVE for this issue in libmspack? References: [1] https://bugs.debian.org/773041 [2] http://anonscm.debian.org/cgit/collab-maint/libmspack.git/tree/debian/patches/qtmd-fix-frame_end-overflow.patch Regards, Salvatore
Current thread:
- CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso (Jan 01)
- Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso (Jan 07)
- Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop cve-assign (Jan 07)
- Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop Salvatore Bonaccorso (Jan 07)