Date: Mon, 3 Mar 2014 23:32:12 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: file: crashes when checking softmagic for some corrupt PE executables

Hi

file can be made to crash when checking some corrupt PE executables,
and so could be used to mount a denial of service for file, or an
application using file/libmagic.

Upstream bugreport: http://bugs.gw.com/view.php?id=313

> Some corrupt PE executables contain invalid offset information in
> their internal directories that libmagic attempts to follow and run
> string searches on. mcopy() does not do bounds checking on the
> indirect offset read from the file and sets up ms->search with invalid
> pointers and lengths.
>
> The offending line in my case is the msdos magic file is 121:
>
> >>>>(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive
>
> The offset read indirectly was invalid and its bounds were not checked
> in mcopy.

Upstream has fixed this with following commit:

https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801

Can a CVE be assigned for this issue?

Regards,
Salvatore
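An added example, not code from file/libmagic or from the upstream commit: a C sketch of the kind of bounds check the report says was missing, validating an offset read from the file before a search window is derived from it. The names `search_window`, `setup_search`, `find_in_window` and `demo`, the absolute (rather than relative) pointer position and the 64-byte sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical stand-in for the window libmagic keeps in ms->search. */
struct search_window { const unsigned char *s; size_t s_len; };

/* Follow the little-endian 32-bit offset stored at ptr_at, add adjust (the
 * "+(-4)" of the magic line) and set up a window of at most range bytes.
 * Returns 0 on success, -1 when any part would fall outside buf[0..nbytes). */
int setup_search(const unsigned char *buf, size_t nbytes, size_t ptr_at,
                 int32_t adjust, size_t range, struct search_window *w)
{
    if (nbytes < 4 || ptr_at > nbytes - 4) return -1; /* pointer field outside */
    uint32_t raw = (uint32_t)buf[ptr_at] | (uint32_t)buf[ptr_at + 1] << 8 |
                   (uint32_t)buf[ptr_at + 2] << 16 | (uint32_t)buf[ptr_at + 3] << 24;
    int64_t off = (int64_t)raw + adjust;   /* 64-bit sum cannot wrap */
    if (off < 0 || (uint64_t)off > nbytes) return -1; /* offset leaves the buffer */
    w->s = buf + (size_t)off;
    w->s_len = nbytes - (size_t)off;       /* never longer than what remains */
    if (w->s_len > range) w->s_len = range;
    return 0;
}

/* Return the position of needle relative to buf, or -1 if not in the window. */
long find_in_window(const unsigned char *buf, const struct search_window *w,
                    const char *needle)
{
    size_t n = strlen(needle);
    for (size_t i = 0; n <= w->s_len && i <= w->s_len - n; i++)
        if (memcmp(w->s + i, needle, n) == 0)
            return (long)((size_t)(w->s - buf) + i);
    return -1;
}

/* Constructed 64-byte sample: offset field at 0x0f, "MSCF" at byte 32.
 * Returns the match position, -1 for no match, -2 if the offset is rejected. */
long demo(uint32_t stored)
{
    unsigned char buf[64] = {0};
    struct search_window w;
    for (int i = 0; i < 4; i++)
        buf[0x0f + i] = (unsigned char)(stored >> (8 * i));
    memcpy(buf + 32, "MSCF", 4);
    if (setup_search(buf, sizeof buf, 0x0f, -4, 0x3000, &w) != 0) return -2;
    return find_in_window(buf, &w, "MSCF");
}

int main(void) { return demo(36) == 32 ? 0 : 1; }
```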