[Debian-med-packaging] Bug#1080069: sweed: A suspicious integer overflow to buffer overflow in 'SweeD_Input.c'
r10922044
r10922044 at ntu.edu.tw
Fri Aug 30 10:09:45 BST 2024
Package: sweed
Version: 3.2.1+dfsg-5
Dear Maintainers,
We are researching static analysis for recurring vulnerabilities. When
using our tool to test on 'sweed', we found a suspicious integer
overflow to buffer overflow at 'readAlignmentMS' in 'SweeD_Input.c'.
'alignment->segsites' which was read by 'fscanf' in line 3341 would be
used directly to allocate memory in line 3345 and 3346 with no check. We
suggest adding an integer overflow check before memory allocation to
prevent buffer overflow.
Thank you for maintaining sweed.
Best regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-med-packaging/attachments/20240830/3a181a16/attachment.htm>
More information about the Debian-med-packaging
mailing list