Message-Id: <20150611135426.196A46C007F@smtpvmsrv1.mitre.org>
Date: Thu, 11 Jun 2015 09:54:26 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: Possible CVE Requests: libmspack: several issues

> null pointer dereference on a crafted CAB:
>  - https://bugs.debian.org/774665

Use CVE-2014-9732.


> CHM decompression: division by zero
>  - https://bugs.debian.org/774725

Use CVE-2015-4467.


> CHM decompression: pointer arithmetic overflow
>  - https://bugs.debian.org/774726

Relative to the
http://anonscm.debian.org/cgit/collab-maint/libmspack.git/commit/?id=a25bb144795e526748b57884daf365732c7e2295
commit, use CVE-2015-4468 for the issues resolved by
fix-pointer-arithmetic-overflow.patch and use CVE-2015-4469 for the
issue resolved by fix-name-field-boundaries.patch. (Note that these
were originally combined within the diff included in the
https://bugs.debian.org/774726#3 message.) The
fix-name-field-boundaries.patch is about missing input validation and
can't have the same CVE ID as the two cases where the only change was
from a "p + name_len > end" test to a "name_len > end - p" test.


> off-by-one buffer over-read in mspack/mszipd.c
>  - https://bugs.debian.org/775498

Use CVE-2015-4470.


> off-by-one buffer under-read in mspack/lzxd.c
>  - https://bugs.debian.org/775499

Use CVE-2015-4471. The vendor notes that the later-problematic code
had been valid before 2006-08-31.


> CHM decompression: another pointer arithmetic overflow
>  - https://bugs.debian.org/775687

Use CVE-2015-4472.

-- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
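
The difference between the "p + name_len > end" test and the "name_len > end - p" test mentioned in the message above, as an added example (not code from libmspack, its patches, or the message's author). The function names, addresses and lengths are constructed for illustration, and the first form is modelled on unsigned integers because overflowing a real pointer is undefined behaviour in C.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Pre-fix form "p + name_len > end", modelled on unsigned integers so the
 * wrap-around is well defined (on real pointers the overflow is undefined
 * behaviour). Returns 1 if the entry is rejected, 0 if it is accepted. */
static int rejects_sum_form(uintptr_t p, uintptr_t end, uintptr_t name_len)
{
    uintptr_t sum = p + name_len;   /* may wrap past zero */
    return sum > end;
}

/* Post-fix form "name_len > end - p": end - p is the byte count left in the
 * buffer and cannot wrap while p <= end. */
static int rejects_diff_form(uintptr_t p, uintptr_t end, uintptr_t name_len)
{
    return name_len > end - p;
}

/* The post-fix form on real pointers. Returns 1 if name_len bytes fit. */
static int name_fits(const unsigned char *p, const unsigned char *end,
                     size_t name_len)
{
    if (p > end)
        return 0;
    return name_len <= (size_t)(end - p);
}

int main(void)
{
    /* Constructed values: a 0x100-byte region and an oversized length. */
    uintptr_t p = 0x1000, end = 0x1100;
    uintptr_t huge = UINTPTR_MAX - 0x0fff;   /* p + huge wraps to 0 */
    unsigned char buf[8] = {0};

    printf("sum form rejects huge length:  %d\n", rejects_sum_form(p, end, huge));
    printf("diff form rejects huge length: %d\n", rejects_diff_form(p, end, huge));
    printf("8 bytes fit in buf: %d, 9 bytes fit: %d\n",
           name_fits(buf, buf + 8, 8), name_fits(buf, buf + 8, 9));
    return 0;
}
```

Both forms agree on in-range lengths; they differ only when the sum wraps, which is the case the rewritten comparison closes.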
