Bug#898135: bibutils: CVE-2018-10773 CVE-2018-10774 CVE-2018-10775
Salvatore Bonaccorso
carnil at debian.org
Mon May 7 19:57:54 BST 2018
Source: bibutils
Version: 6.2-1
Severity: normal
Tags: security upstream
Hi,
The following vulnerabilities were published for bibutils. This report
is to mainly make aware of the issues, I'm not sure if upstream were
made aware of those, as the CVE references by now just consist of
pointing to reproducers.
CVE-2018-10773[0]:
| NULL pointer deference in the addsn function in serialno.c in
| libbibcore.a in bibutils through 6.2 allows remote attackers to cause a
| denial of service (application crash), as demonstrated by copac2xml.
CVE-2018-10774[1]:
| Read access violation in the isiin_keyword function in isiin.c in
| libbibutils.a in bibutils through 6.2 allows remote attackers to cause
| a denial of service (application crash), as demonstrated by isi2xml.
CVE-2018-10775[2]:
| NULL pointer dereference in the _fields_add function in fields.c in
| libbibcore.a in bibutils through 6.2 allows remote attackers to cause a
| denial of service (application crash), as demonstrated by end2xml.
If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.
For further information see:
[0] https://security-tracker.debian.org/tracker/CVE-2018-10773
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10773
[1] https://security-tracker.debian.org/tracker/CVE-2018-10774
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10774
[2] https://security-tracker.debian.org/tracker/CVE-2018-10775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10775
Please adjust the affected versions in the BTS as needed.
Salvatore
More information about the debian-science-maintainers
mailing list