Package: dpkg Version: 1.10.4 Severity: normal Dpkg's md5sum segfault if presented an invalid file with -c: > md5sum -c /bin/ls md5sum: unrecognized line: md5sum: unrecognized line: md5sum: can't open +--block-size=SIZE use SIZE-byte blocks Segmentation fault (core dumped)
gdb reports: (no symbols, sorry...) 0x080493cc in strcpy () So perhaps it is possible to exploit this with a malformed md5sum file, but I'm not a security expert. Note that md5sum.textutils doesn't have this problem. Related Bug: #136110. -- System Information Debian Release: testing/unstable
