oss-sec mailing list archives
Re: CVE Request: Info-Zip zipinfo buffer overflow
From: "Steven M. Schweda" <sms () antinode info>
Date: Mon, 5 Dec 2016 16:27:38 -0600 (CST)
From: Tyler Hicks <tyhicks () canonical com>
Thanks for the (thorough, helpful) report.
I appreciate it but Alexis deserves most of the credit.
The item in the next History.610 file should resemble:
- In ZipInfo ("-Z", /ZIPINFO) short-format ("-s", /SHORT, default) reports, an unexpectedly large compression method value (>999) caused a (mostly harmless) buffer overflow, and spoiled the report format. Now, values less than 1000 are displayed as before, using a three-digit decimal format, "uDDD", but larger values are displayed using a four-digit (unlabeled) hexadecimal format, "XXXX". https://launchpad.net/bugs/1643750 (zipinfo.c) [Alexis Vanden Eijnde, Tyler Hicks, SMS]
(Credit is cheap.)
Thanks for the quick fix. Is there a public code repository available so that we can reference a specific commit that fixes this issue?
No. We've been thinking about it, though.
Nope. As you probably noticed, MITRE just assigned a CVE. It likely helped that you confirmed the issue.
Swell. (One fewer thing I need to know.)
Thanks again!
Same to you (plural).
------------------------------------------------------------------------
Steven M. Schweda sms@antinode-info
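
The display rule described in the History item above, as an added illustration that is not part of the original message and is not Info-ZIP's code. The function names, the five-byte field size, the zero padding and the upper-case hex digits are assumptions made for the example.

```c
#include <stdio.h>
#include <stddef.h>

/* Assumed field size: four display characters plus the terminating NUL. */
#define METHOD_FIELD 5

/* Bytes (including NUL) that the pre-fix "uDDD" format needs for a value.
 * snprintf(NULL, 0, ...) only measures; nothing is written. */
size_t old_format_needed(unsigned method)
{
    int n = snprintf(NULL, 0, "u%03u", method);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Post-fix behaviour as described in the History item: values below 1000
 * keep "uDDD"; larger values become four hex digits "XXXX".
 * Returns 0 on success, -1 if the value or buffer cannot be handled. */
int format_method(unsigned method, char *out, size_t outlen)
{
    int n;

    /* The ZIP compression method field is 16 bits wide, so four hex
     * digits always suffice; anything larger is rejected outright. */
    if (out == NULL || outlen < METHOD_FIELD || method > 0xFFFFu)
        return -1;

    if (method < 1000)
        n = snprintf(out, outlen, "u%03u", method);
    else
        n = snprintf(out, outlen, "%04X", method);

    /* Bounded write plus a length check: exactly four characters or fail. */
    return (n == METHOD_FIELD - 1) ? 0 : -1;
}

int main(void)
{
    /* Constructed sample values, not taken from any real archive. */
    unsigned samples[] = { 99, 999, 1000, 65535 };
    char buf[METHOD_FIELD];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++)
        if (format_method(samples[i], buf, sizeof buf) == 0)
            printf("%5u -> %s (old format needed %zu bytes)\n",
                   samples[i], buf, old_format_needed(samples[i]));
    return 0;
}
```

For values above 999 the old decimal format needs more than the five bytes assumed here, which is the overrun the report describes; the bounded form always emits exactly four characters.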