oss-sec mailing list archives
Re: Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Sun, 30 Oct 2016 14:49:37 -0300
Despite CVE-2016-7563 looks fixed in the mujs bug tracker, it was not properly patched: http://bugs.ghostscript.com/show_bug.cgi?id=697136#c4 2016-09-28 17:11 GMT-03:00 <cve-assign () mitre org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256mujs str Out-of-Bound read 1 byte in function chartorune. http://bugs.ghostscript.com/show_bug.cgi?id=697136AddressSanitizer: heap-buffer-overflow READ of size 1 We were unconditionally reading the next character if we encountered a '*' in a multi-line comment; possibly reading past the end of the input.Use CVE-2016-7563.mujs "char *s" Heap overflow in Fp_toString at jsfunction.c:72 http://bugs.ghostscript.com/show_bug.cgi?id=697137AddressSanitizer: heap-buffer-overflow WRITE of size 1 We were not allocating space for the terminating zero byte.Use CVE-2016-7564. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJX7COpAAoJEHb/MwWLVhi24ugP/19AmMjWnrZ9kH88CpBt/y0M s6rWfYpCF0k56G6RSlkuUm/XOlqBPAsWK9I3REM32shkCLaA0L96IeQnW1h/flT1 7m30tJmxi31i31XfvpnBJWl06EqKTMZvNdNQBO+JS79ehBGmhmsIWjs9EkbBpNIv 9jr3rzWE+K7IAZcWAGu5e56mCC+FpNE1djZ8Iaw+RuX2oVOvJoDTq1hskiRMijKw qXiudF6upJ8HUzBWN3mbDAUtuA0VmYClQZ39iy7V6nH7QuwbG4XLvzAjkCjmzwhS bkg7zFhNOMw6J1nuVD5s5VtrhRctgaPaDDaTnNsw7IYjyYNbO+obhw3x1ZnqrXcx +wN3ZfMzxk0Q4n4KypmF2OJ6QITYqH5K6ofO5D9OI39cUmjsBEj1smqxSZq01xrU YxDyGS4gNQ6hWKS23/wgPt9YAjX+2xBMnAyygBrAzNcfFmO42XUpHDWl2ArnXQ1l kVyZLKOxFbGeTcsMyDFAjsDwD9tffl/6jDkZgd34em6kS1+lE7bccy2+IUsynrxz 7zqhueAX7uOOVbjgJ4bVpGYgebj2J8AVHJoJJKtaWskCBKbxyxbT49twJ56lSDd9 s5kVrUGdOz6+9RO7GJ/6dEwqJjmUYXh8O/3qI3h4gjmeTHAIaJ+uxhZ5J34Sj8xe B6ZoBxrnz+3QVOfjQ49u =iapx -----END PGP SIGNATURE-----
Current thread:
- Re: Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Gustavo Grieco (Oct 30)
- Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign (Oct 30)
- Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read Gustavo Grieco (Nov 07)
- Re: CVE request - mujs Heap-Buffer-Overflow write and OOB Read cve-assign (Oct 30)