oss-sec mailing list archives
Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write
From: Andreas Stieger <astieger () suse com>
Date: Thu, 29 Jun 2017 23:07:14 +0200
Hi, On 06/21/2017 02:20 PM, Alexander Bergmann wrote:
It was reported that unrar fixed a VMSF_DELTA memory corruption issue in there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to Sophos AV in 2012 but never reach upstream rar. https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol
In clamav's libunrar, this is https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd Andreas -- Andreas Stieger <astieger () suse com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 21)
- Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Alexander Bergmann (Jun 22)
- Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Andreas Stieger (Jun 29)