List:       oss-security
Subject:    [oss-security] cve request: libbfd?
From:       Michal Zalewski <lcamtuf () coredump ! cx>
Date:       2014-10-25 17:36:25
Message-ID: CALx_OUABf0RbdwgAejX09Sj8V8C00_Yu-mGzhW=ufEAMjOS0hw () mail ! gmail ! com

Hey,

You may want to assign something to:

http://lcamtuf.blogspot.com/2014/10/psa-dont-run-strings-on-untrusted-files.html
http://sourceware.org/bugzilla/show_bug.cgi?id=17510

This is slightly complicated by the fact that libbfd is just bad in
general and there likely are dozens of individual bugs, but the
write-to-arbitrary-pointer issues with ELF section parsing in elf.c
sort of stand out.

/mz