Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <ab6ef47f6e244a0cb7571b8b9e4c304a@imshyb01.MITRE.ORG>
Date: Tue, 31 Jan 2017 10:17:27 -0500
From: <cve-assign@...re.org>
To: <ago@...too.org>
CC: <cve-assign@...re.org>, <oss-security@...ts.openwall.com>
Subject: Re: mp3splt: invalid free in free_options (options_manager.c)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://blogs.gentoo.org/ago/2017/01/29/mp3splt-invalid-free-in-free_options-options_manager-c
> 
> AddressSanitizer: attempting free on address which was not 
> malloc()-ed

> free_options mp3splt-2.6.2/src/options_manager.c:67:9

Use CVE-2017-5666.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYkKj6AAoJEHb/MwWLVhi2I5IQAKIqRlQDOlDi3vBVbyHS/7uj
rVKO/et4VVkB5+vh3mAt7TmeuU9kvkUefMlnGe6MREI1aqQhxEXJkspLGZsr2vWJ
wLFPlvbb1c5+bC194ZSGn1Ad29DbqxLVFJ8569Mxggo314RjzDEXn1deMLybIlx2
e6SRJ8c6YRAtoIvTQ9e+yr3YXMKTGnqzjpbdbuu/bX6AS/Th5/OLqWBBvkdX9hic
+JiPyL0V5D0XAdTRuZbKf8SZQ6FoigR+oMbAPznQ51Ewgcxu+WVbWi16OzvWzjYM
/j6ksokUlJ4vUOHkzr/Mm/h0+agYrJWIbZzVRaX/8WVlmUCMHXiErzHLO5WQCTE4
ebPbR1bQ31a3EbClP/B8U3CfWsQI7v4jdCAIMpsO5t+JTSqOw+1pQZ0CelPgIpRF
z/QbW0AU4WCcztglgMfAN0SRe2Osa9KICNJi4x+b9nyhyGDz89CU0GFyNJP9rQ08
HsK0bs+MAtlI/zg+x2KUeFuAn5/KsyZk4UxIWaArD/hFNy/8ZMxu1t82dCjzMoBt
q0731wugv1T8TdVuQE295KyZ2g1960FHHH/UQGTondbloZYbPaw+EtHHlrkk/Ce0
r2/mL14FmCWoqWulZlKNnPebDJtKEpnwwR332Jkfumk1fAuDP/QQScBmewYHRKls
7MyqXS/LzRjMYU+GDmlw
=qRBe
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.