Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 09 Aug 2013 22:42:44 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Florian <floriangaultier@...il.com>
Subject: Re: CVE Request - LibModPlug <=0.8.8.4 multiple heap
 overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/07/2013 11:29 AM, Florian wrote:
> On 07/08/2013 19:17, Kurt Seifried wrote:
>> On 08/07/2013 10:24 AM, Florian wrote:
>>> Hi,
>> 
>>> Just a CVE Request for this 
>>> http://blog.scrt.ch/2013/07/24/vlc-abc-parsing-seems-to-be-a-ctf-challenge/
>>
>>>
>>> 
Thx
>> 
>> 
>> I need a better request. You want one CVE? multiple CVEs? A quick
>> read of the web page indicates multiple different problems. Can
>> you list them here and provide links to the source code? thanks.
>> 
> 
> Okay, so the first bug is an integer overflow in j variable, it
> occurs here : 
> https://github.com/gardaud/libmodplug/blob/master/src/load_abc.cpp#L1852

Please
> 
use CVE-2013-4233 for this issue.

> The second bug is a heap overflow and can be triggered in two
> functions abc_MIDI_drum : 
> https://github.com/gardaud/libmodplug/blob/master/src/load_abc.cpp#L3211
>
> 
and
> abc_MIDI_gchord : 
> https://github.com/gardaud/libmodplug/blob/master/src/load_abc.cpp#L3258
>
>  h->gchord and h->drum are static buffers and are filled until the
> copied byte is in the charset (respectively
> 'fbcz0123456789ghijGHIJ' and 'dz0123456789')

Please use CVE-2013-4234 for this issue.

> It's up to you to open one or multiple CVE.

Nope.

http://cve.mitre.org/cve/editorial_policies/cd_abstraction.html

I gotta follow to rules like everyone else.

> Don't hesitate if you want more information.
> 
> Thx
> 
> 
> 


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJSBcTEAAoJEBYNRVNeJnmT6vEP/R1SVk6KRnwtW7queqL/UDg/
Ji7SswSe2GBSNKmLdanWnhOJLeJsi2LjVv98U1rRR9bBxKE3BLkat/aTiM3ZACai
KmFMIDtiSLAO+iz6pAuE6Ddko2fDdCw4K5RaGkAVatdrqVyW6SH98Zfj171yVJED
GqO1TOm4xEQGPywZd+RKj6Q++yVmOQQxfyZ9cZTX6WHdZDeEhtVJtPJ3zSqquO7q
En10K6dp8JYfB6l5qLf7yedhuSWchIZUlWqvLcv2dG1t295o5mru3Mri4xcWyFMp
oluxgu20e7sTMjlxkByJQ2vT/ho8htTXlL3B5YtHtnsSsOspcak9/uQhvwrKeouY
kAO0KHjVVdhA7uk6wpVyFjnXgVFkweSg1DnMl2sDHMf/GWKnuU+CnyT3kJzGvtAM
TOQM77YsP+xowGfh62bZWgcz1UJH/00rIbWU/Edht37ZfhSikNhH00b7+QZGLh+K
LVDWf+Ifpv1GMpshkpcAk/CfZSOp9nOyxFou2InM5EvHvdtWspdI5lxLSUZxBq1I
bNoc8X5WF+wmjI8gWbiv/tddrX/JP+Qza3ogeG9kOdetr6CHICen3FaEvzMh3OZa
9rp3iLdLJ+SVhhTpDAK4FcsuplX4yPpjTv5sFSacgrDb9JLqsMGDkjSH5ZiG9Mni
esHtKi+2ApgHYHbnnpo0
=x9Ym
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ