Date: Wed, 7 Jan 2015 07:52:53 -0500 (EST)
From: cve-assign@...re.org
To: Salvatore Bonaccorso <carnil@...ian.org>
cc: oss-security@...ts.openwall.com, CVE Assignments MITRE <cve-assign@...re.org>
Subject: Re: CVE Request: libmspack: frame_end overflow which could cause infinite loop

On Wed, 7 Jan 2015, Salvatore Bonaccorso wrote:

> On Thu, Jan 01, 2015 at 02:12:56PM +0100, Salvatore Bonaccorso wrote:
>> Libmspack, a library to provide compression and decompression of
>> some file formats used by Microsoft, is used in many projects (or
>> embedded there like also Clamav). This issue can cause a remotely
>> exploitable denial-of-service condition due to clamav thread hanging
>> forever while scanning the file. A patch is available at  for
>> libmspack.
>
> I have to clarify this last part of my CVE request for libmspack. I
> mentioned clamav embedding libmspack. Upstream Clamav tarball embeds
> an older version of libmspack, which does not seem to be affected by
> this problem. The problem itself for libmspack can be reproduced with
> https://bugs.debian.org/773041#13 .
>
> Regards,
> Salvatore

Use CVE-2014-9556.

---
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]