[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] catdoc: out of bounds heap read and nullpointer / segfault
From: Hanno =?UTF-8?B?QsO2Y2s=?= <hanno () hboeck ! de>
Date: 2018-11-25 14:18:53
Message-ID: 20181125151853.20345cbf () computer
[Download RAW message or body]
Hi,
On Sun, 25 Nov 2018 13:09:12 +0100
Agostino Sarubbo <ago@gentoo.org> wrote:
> something about catdoc was already reported time ago:
> https://marc.info/?l=oss-security&m=142627461816744&w=2
>
> I don't know atm if your findings are duplicate or not.
There was a version with fixes inbetween (0.95, may 2016) which says in
the changelog "Fixed lot of segfaults on incorrect or corrupted
data" [1].
My reports are mainly to have it publicly referenced that it's still
not robust.
[1] https://www.wagner.pp.ru/~vitus/software/catdoc/changelog.html
--
Hanno Böck
https://hboeck.de/
mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic