Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 5 Dec 2014 13:02:40 +0100
From: Fabian Keil <freebsd-listen@...iankeil.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: out-of-bounds memory access flaw in
 unrtf

Hanno Böck <hanno@...eck.de> wrote:

> On Thu, 4 Dec 2014 20:32:25 +0100
> Fabian Keil <freebsd-listen@...iankeil.de> wrote:
> 
> > Potential fixes:
> > http://www.fabiankeil.de/sourcecode/unrtf-0.21.5-various-fixes.diff
> 
> Thanks, it's just that it doesn't help much (see attachment, all
> crashes with your patch applied).

Thanks for testing the patches.

I added another patch to the set that seems to fix the crashes
with your attached files when executed through afl-showmap.

At least the first 300k afl-fuzz execs (355 total paths)
seem to be crash free now.

Fabian

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.