oss-sec mailing list archives
Re: CVE Request: MUJS null pointer dereference and Heap buffer overflow write
From: <cve-assign () mitre org>
Date: Thu, 12 Jan 2017 21:42:49 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
1. Null pointer dereference in regexp.c The return value from malloc is not properly checked before dereferencing it which can result in a crash. https://bugs.ghostscript.com/show_bug.cgi?id=697381 http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73156496e569
Use CVE-2016-10132 for all of fd003eceda531e13fbdd1aeb6e9c73156496e569.
2. Heap buffer overflow write in jsrun.c: js_stackoverflow() There was a logical error in the code which can be used to trigger a heap overflow write. https://bugs.ghostscript.com/show_bug.cgi?id=697401 http://git.ghostscript.com/?p=mujs.git;a=commit;h=77ab465f1c394bb77f00966cd950650f3f53cb24
Use CVE-2016-10133. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYeD4KAAoJEHb/MwWLVhi2tNQP+gO/jAYeCK8O03qGyZW4HR9K LeI+GjI0nU1ZD6VY5ynAl+4bXTGSNjpL7sh6nPdI3RKtEFpCpiQBlfiUfAB93Cae YlINFDpjEH24fFSlmVrIGoisR3SodhuUjOqwTkhtw9SnxbnkpXtJzyJnwLgjic6f c0BsAAirhQ0WiEMG0XJPgbdhNixH8xj5JP8iEbB3nGAiIkQb5CjCW74iuXNsZjOW ZcYM67PyEGs1CoXYlaWMYSLZSHu5U6eAqQ7oE8HYZQgBMEpCKgkhH54ex0otWk9Y Xt/8RIzY3WR10kQa7aisGydnfz0eAcRR91KOsSr3wcZ23Tihvg+O+kuMA+VjChG1 UnB2mroYPlFEEghSY8kqECWQ0nvGnKDZ4RvsEZzaMBms4K/4thDtnfBo3TVVJvAl otYqNIeIMelKOi8Fev4bipAJmGn3JNbaTgOeBSp+TgetI+wCZmBsUZoVn9nxD/Dt A3XgmZBguPRTrMUl1TYys0Vl8iIHZdn/NJiplKy3utFmGuTeL5vwVg5tN4b6zqvY 5Em05T0+o+vL8H0/qV9oGLKeEUvrj2sGVZe6UcWvc8Q3BLmeKcXLt+9f+0wUIxf3 35d5soiyf1OCaxBx5C3vXFabVMeK1vA4xQ/mDaAVoDd8TgXz1vZx69xIVqPTg/g0 Df8IDTbCR7C260PXUsv6 =g88C -----END PGP SIGNATURE-----
Current thread:
- CVE Request: MUJS null pointer dereference and Heap buffer overflow write Dileep Kumar (Jan 12)
- Re: CVE Request: MUJS null pointer dereference and Heap buffer overflow write cve-assign (Jan 12)