oss-security - Re: libming: listswf: heap-based buffer overflow in parseSWF

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Date: Sun, 4 Dec 2016 22:16:15 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: libming: listswf: heap-based buffer overflow in parseSWF_DEFINEFONT (parser.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/12/01/libming-listswf-heap-based-buffer-overflow-in-parseswf_definefont-parser-c

> AddressSanitizer: heap-buffer-overflow
> WRITE of size 2

Use CVE-2016-9829.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYRNjVAAoJEHb/MwWLVhi2d0YP+wcOS+S9vSCcY76UvnIOJkAo
vIyF0ZwUuYqNT0iWRgTlBNVVwFylyT45t+NX7kIOrrMh1gZ5OitoeQLv0aTte2nG
fhkcMJGAQLAlq+3zeT+Zb6Gm5KIW2hZjZPrJLfhltMmYq5VQ9JO6mRYitvn4xqeW
nUUy/upc/4fE5LoxnA9PnVwoeV2R3e5huS5FcFQUe2ZvKcYfm5itd8QmSu60t0Jg
gcEH038p71InHVXOEwcGBpfq1lk+uoLJct+Ipj4uEsQQ924pfOml2+P9UQ/KNtKn
deQrCfL3qepypJVrD1BO2I6EEsUkI1csJFqHLKR3V1CVKZ5/oLisl56/+wwletv0
3pnoJ7G6bUb027BgTAn4TJYoFTcDDvyZstOagEqlYi2gpbdjlpgzXd+2IJhe2q4C
v/3/hefJN7OwoGs0outsCexxbFX31TlzhW4IT0XYnx4kPbdXsNiqJCZUWxU+VMWk
qAGSZSdq3Ok1F6mTyuMwTSRw0bbk9u+Hb74s7Q0RyqJWjFqFRmpsC70Qlpj2QzGR
0SCecFC4RMGhDqBqAdCO7phloHqvcFHFcJuzhWxtSHDyLlSaNldy9ucw3a5UdVnQ
op2wZ5J0uPDfys7h+1Ld5pTYazNQiZZPHPDf3YBbJ4+ru45pyIVsjfcZ/XGNejDA
ACXv1ZczHVgTagzYE+c6
=+k3D
-----END PGP SIGNATURE-----

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.