Date: Thu, 29 Jun 2017 23:07:14 +0200 From: Andreas Stieger <astieger@...e.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Hi, On 06/21/2017 02:20 PM, Alexander Bergmann wrote: > It was reported that unrar fixed a VMSF_DELTA memory corruption issue in > there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to > Sophos AV in 2012 but never reach upstream rar. > > https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol In clamav's libunrar, this is https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd Andreas -- Andreas Stieger <astieger@...e.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ