Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 28 Aug 2013 14:41:17 -0600
From: Vincent Danen <>
Subject: CVE request, libdigidoc arbitrary file overwrite flaw

I did not see a CVE for this or a request for the same, so can one be
assigned please?  Just going to cut and paste from our bugzilla:

It was reported [1],[2] that ID-software 3.7.2 (libdigidoc):

"Fixed one critical bug in the DDOC parsing routines. By persuading a
victim to open a specially-crafted DDOC file, a remote attacker could
exploit this vulnerability to overwrite arbitrary files on the system
with the privileges of the victim."

The patch is in svn (not the repository from,
but from [3] (r98).  This patch was backported for Mageia
[4] and looks applicable to what we ship in Fedora (although we have a
much older version).  The patch from Mageia (or upstream) won't apply
without changes, however, as it's adding a new error code.  Judging from
the patch, it's just making sure that the file name doesn't include '/'
or '\\' (so no paths in the filename).



Vincent Danen / Red Hat Security Response Team 

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.