Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sat, 28 Feb 2015 20:10:37 -0500 (EST)
From: cve-assign@...re.org
To: brian.carpenter@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: pngcrush 1.7.83 crash bug (most likely exploitable)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> I found a crash bug in pngcrush that is most likely
> exploitable and wanted to get a CVE assignment for it. I've already been in
> contact with the pngcrush author and this bug has been fixed in pngcrush
> v1.7.84 (which was released today, no mention of this in the changelog
> though: http://sourceforge.net/p/pmt/news/2015/02/pngcrush-1784-released/).

> Access violation on destination operand

> Exploitability Classification: EXPLOITABLE
> Explanation: The target crashed on an access violation at an address
> matching the destination operand of the instruction. This likely indicates
> a write access violation, which means the attacker may control the write
> address and/or value.

> I've attached the test case but here is a hexdump:
> 0000000 4d8a 474e 0a0d 0a1a 0000 0000 3030 3030
> 0000010

Use CVE-2015-2158.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJU8ma2AAoJEKllVAevmvmsFAYH/0ujgIRpqfsSkLyHnkg/Fl5s
VyZGtK6cQYxhOGcIpc6Jr4BwrdeL3+lJhyWxKoighU334ZrCmSfaMnZPfiQluOcH
cCNBsFp+8YyIazB9PMyds3s5MxpwhIcp0DuD4aIQBOXiciMgEF64LvW/zhfLZ4QC
GmlcHmKYs5pYgbc/nFxnhZ9fIlLtkghyPCJb4F6b80Z6S/58UCV73QiULUFP3zhS
3XftzLhEJuCUxqXg6K0fd9NTxujrs7oHUmS47ElZLnN1o/TvqnO6uDfEPzfMqGn1
4/0ZNN56EjTumiGqij6LxxbbNX5JiqNEA8lBmMI5uW3+2P/muAk3m3/Q0x+xm1E=
=BZb9
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ