Hi,
On 2026/6/11 05:27, Tristan wrote:
Hello,
I am reporting 5 vulnerabilities in erofs-utils across three versions.
All are triggered by crafted EROFS filesystem images.
Findings summary:
- ZSTD decompression heap OOB read (erofs-utils 8a579d4, CVSS 5.5, CWE-125)
- u64-to-u32 truncation heap overflow (erofs-utils 1.8.5, CVSS 7.8, CWE-190)
- Off-by-one heap overflow in fsck path (erofs-utils 1.9.1, CVSS 6.2, CWE-193)
- Symlink extraction integer overflow (erofs-utils 1.9.1, CVSS 7.8, CWE-190)
- Uncontrolled recursion in dump.erofs (erofs-utils 1.9.1, CVSS 5.5, CWE-674)
I would appreciate acknowledgement of receipt and CVE assignment.
Although I agree that some of these are obvious issues, would you mind
providing reproducible images (in gzipped base64) at least?
Thanks,
Gao Xiang
Regards,
Tristan