Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20140303223212.GA15803@eldamar.local>
Date: Mon, 3 Mar 2014 23:32:12 +0100
From: Salvatore Bonaccorso <carnil@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: file: crashes when checking softmagic for some corrupt
 PE executables

Hi

file can be made to crash when checking some corrupt PE executables,
and so could be used to mount a denial of service for file, or an
application using file/libmagic.

Upstream bugreport: http://bugs.gw.com/view.php?id=313

> Some corrupt PE executables contain invalid offset information in
> their internal directories that libmagic attempts to follow and run
> string searches on. mcopy() does not do bounds checking on the
> indirect offset read from the file and sets up ms->search with invalid
> pointers and lengths.
> 
> The offending line in my case is the msdos magic file is 121:
> >>>>(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive
> 
> The offset read indirectly was invalid and its bounds were not checked
> in mcopy.

Upstream has fixed this with following commit:

https://github.com/glensc/file/commit/447558595a3650db2886cd2f416ad0beba965801

Can a CVE be assigned for this issue?

Regards,
Salvatore

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.