Date: Thu, 29 Jun 2017 23:07:14 +0200 From: Andreas Stieger <astieger@...e.com> To: oss-security@...ts.openwall.com Subject: Re: CVE Request: unrar: VMSF_DELTA filter allows arbitrary memory write Hi, On 06/21/2017 02:20 PM, Alexander Bergmann wrote: > It was reported that unrar fixed a VMSF_DELTA memory corruption issue in > there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to > Sophos AV in 2012 but never reach upstream rar. > > https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol In clamav's libunrar, this is https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd Andreas -- Andreas Stieger <astieger@...e.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.