Source: unrar-free Version: 1:0.0.1+cvs20140707-1 Severity: grave Tags: security upstream
Hi >From http://www.openwall.com/lists/oss-security/2017/08/20/1 Issue 3: Null pointer A malformed input file can cause a null pointer read. ==3328==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000020 (pc 0x00000051ed2c bp 0x000000278b18 sp 0x7fffc410e300 T0) ==3328==The signal is caused by a READ memory access. ==3328==Hint: address points to the zero page. #0 0x51ed2b in DecodeNumber /f/unrar-gpl/unrar/src/unrarlib.c:1649:16 #1 0x5186f5 in Unpack /f/unrar-gpl/unrar/src/unrarlib.c:1148:4 #2 0x511c47 in ExtrFile /f/unrar-gpl/unrar/src/unrarlib.c:799:10 #3 0x510b02 in urarlib_get /f/unrar-gpl/unrar/src/unrarlib.c:303:13 #4 0x50b249 in unrar_extract_file /f/unrar-gpl/unrar/src/unrar.c:343:8 #5 0x50be32 in unrar_extract /f/unrar-gpl/unrar/src/unrar.c:483:9 #6 0x50c69c in main /f/unrar-gpl/unrar/src/unrar.c:556:14 #7 0x7f0a337df4f0 in __libc_start_main (/lib64/libc.so.6+0x204f0) #8 0x419e19 in _start (/r/unrar-gpl/unrar+0x419e19) Regards, Salvatore
unrar-gpl-nullptr.rar
Description: application/rar
_______________________________________________ Secure-testing-team mailing list Secure-testing-team@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/secure-testing-team
