Good find. This has been fixed in the libmspack repository.
Regards
Stuart
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Package: libmspack0
Version: 0.4-3
Tags: patch
Usertags: afl
There's an off-by-one buffer over-read in mspack/mszipd.c; please see
the attached patch. I don't believe it's exploitable, but I could be
wrong.
To reproduce the bug, rebuild libmspack with -fsanitize=address and
run:
$
2 matches
Mail list logo