Date: Sat, 28 Mar 2015 08:51:39 +0100 From: Salvatore Bonaccorso <carnil@...ian.org> To: OSS Security Mailinglist <oss-security@...ts.openwall.com> Cc: CVE Assignments MITRE <cve-assign@...re.org> Subject: CVE Request: arj: free on invalid pointer due to to buffer overflow Hi Jakub Wilk reported arj crashing on a ARJ file in . Guillem Jover pointed out that the nvalid pointer is due to a buffer overflow write access initiated by a value which is under user control, see . He prepared as well a patch for this issue. Could assing a CVE for this issue?  https://bugs.debian.org/774015  https://bugs.debian.org/774015#11  http://git.hadrons.org/gitweb/?p=debian/pkgs/arj.git;a=blob_plain;f=debian/patches/security-afl.patch Regards, Salvatore
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.