Date: Mon, 3 Mar 2014 23:32:12 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: file: crashes when checking softmagic for some corrupt
 PE executables

Hi

file can be made to crash when checking some corrupt PE executables,
and so could be used to mount a denial of service for file, or an
application using file/libmagic.

Upstream bug report: http://bugs.gw.com/view.php?id=313

> Some corrupt PE executables contain invalid offset information in
> their internal directories that libmagic attempts to follow and run
> string searches on. mcopy() does not do bounds checking on the
> indirect offset read from the file and sets up ms->search with invalid
> pointers and lengths.
> 
> The offending line in my case in the msdos magic file is 121:
> >>>>(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive
> 
> The offset read indirectly was invalid and its bounds were not checked
> in mcopy.

Upstream has fixed this with the following commit:

https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801

Can a CVE be assigned for this issue?

Regards,
Salvatore
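
The kind of bounds check the quoted bug report says was missing, as an added example that is not part of the original message and is not code from file/libmagic or from the upstream commit. It is a simplified model of resolving an indirect offset such as `(0x0f.l+(-4))` followed by `search/0x3000`; the names `resolve_indirect`, `read_le32` and `struct window` are hypothetical, and the `&` relative-offset handling is left out.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical search window: the pointer/length pair a scanner would search. */
struct window { const uint8_t *p; size_t len; };

/* Read a 4-byte little-endian value at `at`; 0 on success, -1 if out of range. */
static int read_le32(const uint8_t *buf, size_t nbytes, size_t at, uint32_t *out)
{
    if (nbytes < 4 || at > nbytes - 4)
        return -1;
    *out = (uint32_t)buf[at] | (uint32_t)buf[at + 1] << 8 |
           (uint32_t)buf[at + 2] << 16 | (uint32_t)buf[at + 3] << 24;
    return 0;
}

/*
 * Resolve "(field.l + adjust)" and build a search window of at most `range`
 * bytes. Every value taken from the file is checked against nbytes before it
 * is turned into a pointer or a length.
 * Returns 0 and fills *w, or -1 if the file-supplied offset is invalid.
 */
int resolve_indirect(const uint8_t *buf, size_t nbytes, size_t field,
                     int32_t adjust, size_t range, struct window *w)
{
    uint32_t raw;
    int64_t off;

    if (read_le32(buf, nbytes, field, &raw) != 0)
        return -1;                        /* the offset field itself is truncated */
    off = (int64_t)raw + adjust;          /* 64-bit arithmetic, cannot wrap */
    if (off < 0 || (uint64_t)off >= nbytes)
        return -1;                        /* target lies outside the buffer */
    w->p = buf + (size_t)off;
    w->len = nbytes - (size_t)off;        /* bytes actually available */
    if (w->len > range)
        w->len = range;                   /* clamp to the search/N limit */
    return 0;
}
```

A caller that gets -1 treats the magic entry as not matching instead of searching.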
