Date: Thu, 1 Jan 2015 14:12:56 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org> Subject: CVE Request: libmspack: frame_end overflow which could cause infinite loop Hi, Jakub Wilk originally reported to the Debian BTS a problem with cabextract on a specially crafted cab file, causing cabextract to hang forever. The problem is actually in the embedded copy of libmspack, see . Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is used in many project (or embedded there like also Clamav). This issue can cause a remotely exploitable denial-of-service condition due to clamav thread hanging forever while scanning the file. A patch is available at  for libmspack. Could you please assign a CVE for this issue in libmspack? References:  https://bugs.debian.org/773041  http://anonscm.debian.org/cgit/collab-maint/libmspack.git/tree/debian/patches/qtmd-fix-frame_end-overflow.patch Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ