Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sun, 30 Oct 2016 14:49:37 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: CVE request - mujs Heap-Buffer-Overflow write
 and OOB Read

Despite CVE-2016-7563 looks fixed in the mujs bug tracker, it was not
properly patched:

http://bugs.ghostscript.com/show_bug.cgi?id=697136#c4

2016-09-28 17:11 GMT-03:00 <cve-assign@...re.org>:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> > mujs str Out-of-Bound read 1 byte in function chartorune.
> > http://bugs.ghostscript.com/show_bug.cgi?id=697136
>
> >> AddressSanitizer: heap-buffer-overflow
> >> READ of size 1
> >>
> >> We were unconditionally reading the next character if we encountered
> >> a '*' in a multi-line comment; possibly reading past the end of
> >> the input.
>
> Use CVE-2016-7563.
>
>
> > mujs "char *s" Heap overflow in Fp_toString at jsfunction.c:72
> > http://bugs.ghostscript.com/show_bug.cgi?id=697137
>
> >> AddressSanitizer: heap-buffer-overflow
> >> WRITE of size 1
> >>
> >> We were not allocating space for the terminating zero byte.
>
> Use CVE-2016-7564.
>
> - --
> CVE Assignment Team
> M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
> [ A PGP key is available for encrypted communications at
>   http://cve.mitre.org/cve/request_id.html ]
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1
>
> iQIcBAEBCAAGBQJX7COpAAoJEHb/MwWLVhi24ugP/19AmMjWnrZ9kH88CpBt/y0M
> s6rWfYpCF0k56G6RSlkuUm/XOlqBPAsWK9I3REM32shkCLaA0L96IeQnW1h/flT1
> 7m30tJmxi31i31XfvpnBJWl06EqKTMZvNdNQBO+JS79ehBGmhmsIWjs9EkbBpNIv
> 9jr3rzWE+K7IAZcWAGu5e56mCC+FpNE1djZ8Iaw+RuX2oVOvJoDTq1hskiRMijKw
> qXiudF6upJ8HUzBWN3mbDAUtuA0VmYClQZ39iy7V6nH7QuwbG4XLvzAjkCjmzwhS
> bkg7zFhNOMw6J1nuVD5s5VtrhRctgaPaDDaTnNsw7IYjyYNbO+obhw3x1ZnqrXcx
> +wN3ZfMzxk0Q4n4KypmF2OJ6QITYqH5K6ofO5D9OI39cUmjsBEj1smqxSZq01xrU
> YxDyGS4gNQ6hWKS23/wgPt9YAjX+2xBMnAyygBrAzNcfFmO42XUpHDWl2ArnXQ1l
> kVyZLKOxFbGeTcsMyDFAjsDwD9tffl/6jDkZgd34em6kS1+lE7bccy2+IUsynrxz
> 7zqhueAX7uOOVbjgJ4bVpGYgebj2J8AVHJoJJKtaWskCBKbxyxbT49twJ56lSDd9
> s5kVrUGdOz6+9RO7GJ/6dEwqJjmUYXh8O/3qI3h4gjmeTHAIaJ+uxhZ5J34Sj8xe
> B6ZoBxrnz+3QVOfjQ49u
> =iapx
> -----END PGP SIGNATURE-----
>

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ