Date: Mon, 3 Mar 2014 23:32:12 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: oss-security@...ts.openwall.com Subject: CVE Request: file: crashes when checking softmagic for some corrupt PE executables Hi file can be made to crash when checking some corrupt PE executables, and so could be used to mount a denial of service for file, or an application using file/libmagic. Upstream bugreport: http://bugs.gw.com/view.php?id=313 > Some corrupt PE executables contain invalid offset information in > their internal directories that libmagic attempts to follow and run > string searches on. mcopy() does not do bounds checking on the > indirect offset read from the file and sets up ms->search with invalid > pointers and lengths. > > The offending line in my case is the msdos magic file is 121: > >>>>(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive > > The offset read indirectly was invalid and its bounds were not checked > in mcopy. Upstream has fixed this with following commit: https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801 Can a CVE be assigned for this issue? Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.