Date: Sat, 28 Mar 2015 08:51:39 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: OSS Security Mailinglist <oss-security@...ts.openwall.com>
Cc: CVE Assignments MITRE <cve-assign@...re.org>
Subject: CVE Request: arj: free on invalid pointer due to buffer overflow

Hi

Jakub Wilk reported arj crashing on an ARJ file in [1]. Guillem Jover
pointed out that the invalid pointer is due to a buffer overflow write
access initiated by a value which is under user control, see [2]. He
also prepared a patch [3] for this issue.

Could you assign a CVE for this issue?

 [1] https://bugs.debian.org/774015
 [2] https://bugs.debian.org/774015#11
 [3] http://git.hadrons.org/gitweb/?p=debian/pkgs/arj.git;a=blob_plain;f=debian/patches/security-afl.patch

Regards,
Salvatore