oss-sec mailing list archives

Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write

From: Andreas Stieger <astieger () suse com>
Date: Thu, 29 Jun 2017 23:07:14 +0200

Hi,


On 06/21/2017 02:20 PM, Alexander Bergmann wrote:

It was reported that unrar fixed a VMSF_DELTA memory corruption issue in
there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to
Sophos AV in 2012 but never reach upstream rar.

https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol


In clamav's libunrar, this is
https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd

Andreas

-- 
Andreas Stieger <astieger () suse com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)

Attachment: signature.asc
Description: OpenPGP digital signature

Current thread:

CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 21)
- Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 22)
- Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Andreas Stieger (Jun 29)