Date: Thu, 12 Jan 2017 20:44:12 +0530 From: Dileep Kumar <dileep.chinu@...il.com> To: oss-security@...ts.openwall.com Subject: CVE Request: MUJS null pointer dereference and Heap buffer overflow write Hi, The details of the two bugs found in MUJS (https://github.com/ccxvii/mujs) are as follows : 1. Null pointer dereference in regexp.c The return value from malloc is not properly checked before dereferencing it which can result in a crash. More details on the bug in the bug report at: https://bugs.ghostscript.com/show_bug.cgi?id=697381 This has been fixed by the MUJS team in the commit: http://git.ghostscript.com/?p=mujs.git;h=fd003eceda531e13fbdd1aeb6e9c73 156496e569 2. Heap buffer overflow write in jsrun.c: js_stackoverflow() There was a logical error in the code which can be used to trigger a heap overflow write. More details on the bug in the bug report at: https://bugs.ghostscript.com/show_bug.cgi?id=697401 The same has been fixed by the MUJS team in the commit: http://git.ghostscript.com/?p=mujs.git;a=commit;h= 77ab465f1c394bb77f00966cd950650f3f53cb24 Both bugs are found by Dileep Kumar Jallepalli using AFL. Please kindly assign CVEs if suitable. Thanks, Dileep Kumar Jallepalli
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ