Date: Wed, 16 Apr 2014 13:36:35 +0200
From: Źmicier Januszkiewicz <gauri@....by>
To: oss-security@...ts.openwall.com
Subject: libmms heap-based buffer overflow fix

Hello list,

It seems libmms has fixed a buffer overflow in a recent 0.6.4 version with
the following commit.

http://sourceforge.net/p/libmms/code/ci/03bcfccc22919c72742b7338d02859962861e0e8

This may be triggered via an overly long line of a MMSH (MMS over HTTP)
server response, effectively overflowing the buffer which has a static
size (defined as BUF_SIZE, didn't check the actual numeric value).

Please assign a CVE name for this, if there is none.

Kind regards,
Z.
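
The class of bug described in the message above, shown from the fix side as an added example; this is not libmms code and not part of the original post. It is a response-line reader that checks the remaining space in a fixed-size buffer before every store. The function names, the BUF_SIZE value of 64 and the sample response are assumptions made for the demo.

```c
#include <string.h>

#define BUF_SIZE 64 /* assumed for this demo; the post gives no numeric value */
enum { LINE_TOO_LONG = -1, LINE_INCOMPLETE = -2 };

/* Copy one LF-terminated line from src[*pos..src_len) into buf, strip a
 * trailing CR, NUL-terminate, and advance *pos. The bounds check runs before
 * every store, so an oversized line is rejected rather than written. */
static int read_line_bounded(const char *src, size_t src_len, size_t *pos,
                             char *buf, size_t buf_size)
{
    size_t len = 0, i = *pos;

    if (buf_size == 0)
        return LINE_TOO_LONG;
    while (i < src_len) {
        char c = src[i++];
        if (c == '\n') {
            if (len > 0 && buf[len - 1] == '\r')
                len--;
            buf[len] = '\0';
            *pos = i;
            return (int)len;
        }
        if (len + 1 >= buf_size) /* always leave room for the NUL */
            return LINE_TOO_LONG;
        buf[len++] = c;
    }
    return LINE_INCOMPLETE;
}

/* Constructed response: a status line, then a header of long_len 'A' bytes
 * (long_len <= 1000). Returns the reader's result for the second line. */
static int demo_second_line(size_t long_len)
{
    static char resp[1024];
    const char *status = "HTTP/1.0 200 OK\r\n";
    char buf[BUF_SIZE];
    size_t pos = 0, n = strlen(status), total = n + long_len + 2;

    memcpy(resp, status, n);
    memset(resp + n, 'A', long_len);
    memcpy(resp + n + long_len, "\r\n", 2);
    if (read_line_bounded(resp, total, &pos, buf, sizeof buf) != 15)
        return -100; /* status line should parse as 15 bytes */
    return read_line_bounded(resp, total, &pos, buf, sizeof buf);
}

int main(void) { return demo_second_line(500) == LINE_TOO_LONG ? 0 : 1; }
```

A caller should treat LINE_TOO_LONG as a protocol error and drop the connection rather than truncate and continue parsing.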