oss-sec mailing list archives
Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c)
From: <cve-assign () mitre org>
Date: Thu, 10 Nov 2016 12:29:55 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://blogs.gentoo.org/ago/2016/11/09/libming-listmp3-divide-by-zero-in-printmp3headers-list if you have a web application that calls directly the listmp3 binary to parse untrusted mp3, then you are affected. AddressSanitizer: FPE on unknown address a divide by zero
Use CVE-2016-9265. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYJK00AAoJEHb/MwWLVhi2PBcP/1yhSanzSSFcosnQDR6SBgGL 3PAxiDKEweFRzhDjXy2KhO1lF4c6sLqjaGOKwyBaqh2QI0kmEuU0rzTLxv3e+XST NSsBK6/WyrevX2RxbBDK7kTTPjlEI6VPWFBbooB74oChUbeMVndiKAciz2vod5NX EUaAvRDG2O8rF+RKcUFmiNQeTQKqn/AVUVOquA+/JniVY/+xyPkXQ+7wyfQhYojd SuVDxRRIfzFYBSFhCdtLYY5WrMWdKEVVRBgPDqTtxjuXa7Xga0GALapE1S9zfY1w Da7oct44Ns/xuMQIhWo/Q+ilxWZ0T9nQ0ShmWUMnGFxWWXc9iRPqbvfRNHZ7Nrlr tm9vnhck9hUZEgYPpoyka8sOmk0DGIrXc2OUWj3IcBSX6R0lXaglh62UD/lri5lM MzTaAPR0nzysvgqo3fweZKFJJqB3dw5yEtr8FW8Hhxys3Q/h1gTdRY268LVhePma ANtkDMsfQPAtShLrSEbKgIsPV9rjxEV53qi8JnK4t59mf5Z5ziVJ+S6FT44qMUhp YLQYnHSAJwT43q96KTVm6ok28hHvKzPCSPUkXE6BNyuXZGDRUDneqDkrvCly94mx OxexVIi4z5r/srLJ5O0vpXjK//tZFFKWDUrrwo6dIrwn/BbPp4s6Qng/aPe0jylD 9c3RUlO53BDm0PJHS/ZC =RSl5 -----END PGP SIGNATURE-----
Current thread:
- libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) Agostino Sarubbo (Nov 09)
- Re: libming: listmp3: divide-by-zero in printMP3Headers (listmp3.c) cve-assign (Nov 10)