[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    Re: [oss-security] catdoc: out of bounds heap read and nullpointer / segfault
From:       Hanno =?UTF-8?B?QsO2Y2s=?= <hanno () hboeck ! de>
Date:       2018-11-25 14:18:53
Message-ID: 20181125151853.20345cbf () computer
[Download RAW message or body]

Hi,

On Sun, 25 Nov 2018 13:09:12 +0100
Agostino Sarubbo <ago@gentoo.org> wrote:

> something about catdoc was already reported time ago:
> https://marc.info/?l=oss-security&m=142627461816744&w=2
> 
> I don't know atm if your findings are duplicate or not.

There was a version with fixes inbetween (0.95, may 2016) which says in
the changelog "Fixed lot of segfaults on incorrect or corrupted
data" [1].
My reports are mainly to have it publicly referenced that it's still
not robust.


[1] https://www.wagner.pp.ru/~vitus/software/catdoc/changelog.html

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@hboeck.de
GPG: FE73757FA60E4E21B937579FA5880072BBB51E42
[prev in list] [next in list] [prev in thread] [next in thread]