Date: Wed, 21 Sep 2016 19:01:23 +0800 From: Puzzor <puzzorsj@...il.com> To: oss-security@...ts.openwall.com Subject: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Hello, Two vulnerabilities were found in mujs latest version, and they have got fixed. 1. mujs str Out-of-Bound read 1 byte in function chartorune. http://bugs.ghostscript.com/show_bug.cgi?id=697136 2. mujs "char *s" Heap overflow in Fp_toString at jsfunction.c:72 http://bugs.ghostscript.com/show_bug.cgi?id=697137 Please assign CVE-IDs for them. The vulnerabilities were found by Shi Ji(@...zor) Best regards, Shi Ji(@...zor)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ