Date: Wed, 7 Jan 2015 07:52:53 -0500 (EST)
From: cve-assign@...re.org
To: Salvatore Bonaccorso <carnil@...ian.org>
cc: oss-security@...ts.openwall.com,
        CVE Assignments MITRE <cve-assign@...re.org>
Subject: Re: CVE Request: libmspack: frame_end overflow which
 could cause infinite loop


On Wed, 7 Jan 2015, Salvatore Bonaccorso wrote:

> On Thu, Jan 01, 2015 at 02:12:56PM +0100, Salvatore Bonaccorso wrote:
>> Libmspack, a library to provide compression and decompression of
>> some file formats used by Microsoft, is used in many projects (or
>> embedded there like also Clamav). This issue can cause a remotely
>> exploitable denial-of-service condition due to clamav thread hanging
>> forever while scanning the file. A patch is available at [2] for
>> libmspack.
>
> I have to clarify this last part of my CVE request for libmspack. I
> mentioned clamav embedding libmspack. Upstream Clamav tarball embeds
> an older version of libmspack, which does not seem to be affected by
> this problem. The problem itself for libmspack can be reproduced with
> https://bugs.debian.org/773041#13 .
>
> Regards,
> Salvatore

Use CVE-2014-9556.

---

CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
