oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c)

From: <cve-assign () mitre org>
Date: Thu, 10 Nov 2016 12:29:55 -0500
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list

if you have a web application that calls directly the
listmp3 binary to parse untrusted mp3, then you are affected.

AddressSanitizer: FPE on unknown address
a divide by zero


Use CVE-2016-9265.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYJK00AAoJEHb/MwWLVhi2PBcP/1yhSanzSSFcosnQDR6SBgGL
3PAxiDKEweFRzhDjXy2KhO1lF4c6sLqjaGOKwyBaqh2QI0kmEuU0rzTLxv3e+XST
NSsBK6/WyrevX2RxbBDK7kTTPjlEI6VPWFBbooB74oChUbeMVndiKAciz2vod5NX
EUaAvRDG2O8rF+RKcUFmiNQeTQKqn/AVUVOquA+/JniVY/+xyPkXQ+7wyfQhYojd
SuVDxRRIfzFYBSFhCdtLYY5WrMWdKEVVRBgPDqTtxjuXa7Xga0GALapE1S9zfY1w
Da7oct44Ns/xuMQIhWo/Q+ilxWZ0T9nQ0ShmWUMnGFxWWXc9iRPqbvfRNHZ7Nrlr
tm9vnhck9hUZEgYPpoyka8sOmk0DGIrXc2OUWj3IcBSX6R0lXaglh62UD/lri5lM
MzTaAPR0nzysvgqo3fweZKFJJqB3dw5yEtr8FW8Hhxys3Q/h1gTdRY268LVhePma
ANtkDMsfQPAtShLrSEbKgIsPV9rjxEV53qi8JnK4t59mf5Z5ziVJ+S6FT44qMUhp
YLQYnHSAJwT43q96KTVm6ok28hHvKzPCSPUkXE6BNyuXZGDRUDneqDkrvCly94mx
OxexVIi4z5r/srLJ5O0vpXjK//tZFFKWDUrrwo6dIrwn/BbPp4s6Qng/aPe0jylD
9c3RUlO53BDm0PJHS/ZC
=RSl5
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: