Re: potential unfixed CVE in usr.bin/compress/zopen.c

2024-04-03 Thread Alexander Bluhm
On Wed, Apr 03, 2024 at 03:35:07PM +, Lu ChenHao wrote:
> As CVE-2011-2895 said, the
> LZW decompressor is vulnerable to an infinite loop or a heap-based buffer
> overflow. As a mitigation, FreeBSD has added checks in
> zopen.c

potential unfixed CVE in usr.bin/compress/zopen.c

2024-04-03 Thread Lu ChenHao
As CVE-2011-2895 said, the LZW decompressor is vulnerable to an infinite loop or a heap-based buffer overflow. As a mitigation, FreeBSD has added checks in zopen.c.