oss-sec mailing list archives
Re: libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c)
From: <cve-assign () mitre org>
Date: Fri, 11 Nov 2016 12:42:40 -0500
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
https://blogs.gentoo.org/ago/2016/11/07/libdwarf-heap-based-buffer-overflow-in-_dwarf_skim_forms-dwarf_macro5-c https://sourceforge.net/p/libdwarf/code/ci/583f8834083b5ef834c497f5b47797e16101a9a6/ AddressSanitizer: heap-buffer-overflow READ of size 29
Use CVE-2016-9275 for this buffer over-read. Although the commit is the same as for CVE-2016-9276, fixing CVE-2016-9275 apparently requires the dwarf_macro5.c part of the commit. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYJgKQAAoJEHb/MwWLVhi24wcP/ArXrxDuL31zWyp2eGSZzbs3 OK084kv5ln3zjGErGzoOch57mF2Eh8YRTKR0BofC0sJJATYs3PTl5LdRLl7tiy6m 9y8Z6aWRZfu3AyahJWoeEZmxOdHvRUgiQ2SMBf9jJBowRkbM8/omCIvfsLU7owyp z1gauiGtLXzkGMMBREGqW5rdsFBBfHWqXo9fv8J7gUWOtNmYBiZ8lgc5Vsl6WTwl +B7FFUBncj0oJGva807YmrrhHd0oKYv6Czrlfb3mdNYgVy2DaB+sIAkNpbmxg1Bc +79RJ3Hir1j8An9M59qij0HNyWfvlk6mv99p6ELBcZ0xisYcFaeSKtS9XZbbYeAG ROojMlSprq5uaKrEoFodUDuNrmC05X8A5sanVWyOPIkUaEw+7wcKPe78LYRpCUbn 0AQLBeG4YOkaPxA2VluU4+s5wMHJDtQvmK/yaGTf2+S3AlQf5JWVN054sBa2Boi7 i+m8XhW9gPurKrcjgLD7qN7q6rXWNo3U36I05bvsCObc4fgPr6CY/xEGM5QHYh/k ApEZU4ZAvgcjew7R7HaaxgxBk5+90bEq4bzWNhExB0MCMpNrf4xg/L/PhzKSa+fF HE+TQk5aIQqfGjI8eowdw/JZvEtDApNxqtKw/FcLuQe2DmJ55QJ/D9bijNwgpeB+ 6VCWZuLyUbFPqM9sghS9 =FIB3 -----END PGP SIGNATURE-----
Current thread:
- libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c) Agostino Sarubbo (Nov 09)
- Re: libdwarf: heap-based buffer overflow in _dwarf_skim_forms (dwarf_macro5.c) cve-assign (Nov 11)