|
Message-ID: <20150101131256.GA9109@eldamar.local> Date: Thu, 1 Jan 2015 14:12:56 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org> Subject: CVE Request: libmspack: frame_end overflow which could cause infinite loop Hi, Jakub Wilk originally reported to the Debian BTS a problem with cabextract on a specially crafted cab file, causing cabextract to hang forever. The problem is actually in the embedded copy of libmspack, see [1]. Libmspack, a library to provide compression and decompression of some file formats used by Microsoft, is used in many project (or embedded there like also Clamav). This issue can cause a remotely exploitable denial-of-service condition due to clamav thread hanging forever while scanning the file. A patch is available at [2] for libmspack. Could you please assign a CVE for this issue in libmspack? References: [1] https://bugs.debian.org/773041 [2] http://anonscm.debian.org/cgit/collab-maint/libmspack.git/tree/debian/patches/qtmd-fix-frame_end-overflow.patch Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.