Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 3 Mar 2014 23:32:12 +0100
From: Salvatore Bonaccorso <>
Subject: CVE Request: file: crashes when checking softmagic for some corrupt
 PE executables


file can be made to crash when checking some corrupt PE executables,
and so could be used to mount a denial of service for file, or an
application using file/libmagic.

Upstream bugreport:

> Some corrupt PE executables contain invalid offset information in
> their internal directories that libmagic attempts to follow and run
> string searches on. mcopy() does not do bounds checking on the
> indirect offset read from the file and sets up ms->search with invalid
> pointers and lengths.
> The offending line in my case is the msdos magic file is 121:
> >>>>(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive
> The offset read indirectly was invalid and its bounds were not checked
> in mcopy.

Upstream has fixed this with following commit:

Can a CVE be assigned for this issue?


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ