[Pkg-clamav-devel] Bug#773659: cabextract: null pointer dereference on a crafted CAB
Sebastian Andrzej Siewior
sebastian at breakpoint.cc
Fri Jan 16 20:29:34 UTC 2015
On 2015-01-15 01:52:05 [+0000], Stuart Caie wrote:
> I am now. I've sense-checked the patch for 774726 and it passes my test
> suite, so it's now committed to the repository. I'm doing the same for
> 774725.
Great, thanks.
> >In total Jakub reported four issues.
> I thank him for it! libmspack is now more robust because of his work.
Well, it looks like Jakub did not stop yet. Atleast those two do not do
not crash immediately.
- libmspack: off-by-one buffer over-read in mspack/mszipd.c
https://bugs.debian.org/775498
- libmspack: off-by-one(?) buffer under-read in mspack/lzxd.c
https://bugs.debian.org/775499
> Regards
> Stuart
Sebastian
More information about the Pkg-clamav-devel
mailing list