Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <7c90b43f-1031-2c1f-943f-e2f2a0d1d486@suse.com>
Date: Thu, 29 Jun 2017 23:07:14 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request: unrar: VMSF_DELTA filter allows
 arbitrary memory write

Hi,


On 06/21/2017 02:20 PM, Alexander Bergmann wrote:
> It was reported that unrar fixed a VMSF_DELTA memory corruption issue in
> there latest version unrarsrc-5.5.5.tar.gz. This problem was reported to
> Sophos AV in 2012 but never reach upstream rar.
>
> https://bugs.chromium.org/p/project-zero/issues/detail?id=1286&desc=6#maincol

In clamav's libunrar, this is
https://github.com/vrtadmin/clamav-devel/commit/d4699442bce76574573dc564e7f2177d679b88bd

Andreas

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton,
HRB 21284 (AG Nürnberg)




Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.