Date: Wed, 28 Jun 2017 14:03:16 +0200 From: Agostino Sarubbo <ago@...too.org> To: oss-security@...ts.openwall.com Subject: lame: multiple vulnerabilities Hello all. I discovered some crashes (which will follow one-by-one) in lame. Lame was fuzzed in the past by someone else so I take the opportunity during the CVE request to insert also some past bugs. 1) Invalid read - CVE-2015-9099 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775959 2) Null pointer dereference - CVE-2015-9100 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777160 3) Invalid read - CVE-2015-9100 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=777161 However, mitre decided that the bug N°3, CVE-2015-9100, can share the same CVE ID of https://blogs.gentoo.org/ago/2017/06/17/lame-heap-based-buffer-overflow-in-fill_buffer_resample-util-c/ At this point, I'd like to mention that mitre won't assign anymore CVE IDs for issues related to the Undefined Behavior Sanitizer, unless there are informations about the exploitability. http://common-vulnerabilities-and-exposures-cve-board.1128451.n5.nabble.com/Current-standards-criteria-for-Undefined-Behavior-td730.html#a768 The CVE IDs assigned in the past for the undefined behavior issues remain valid. I will share anyway my findings about the undefined behavior issues. They include, for completeness, some bugs that regard the frontend. You can ignore them. -- Agostino Sarubbo Gentoo Linux Developer
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ