Message-ID: <e27fe29d768b4d2787b24e8c35e19913@imshyb02.MITRE.ORG>
Date: Thu, 10 Nov 2016 12:31:08 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: libming: listmp3: left shift in listmp3.c

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-left-shift-in-listmp3-c
> 
> If you have a web application that directly calls the
> listmp3 binary to parse untrusted mp3, then you are affected.
> 
> listmp3.c:94:23: runtime error: left shift of negative value -1
> listmp3.c:95:23: runtime error: left shift of negative value -1

Use CVE-2016-9266.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
