Control: tags -1 security
Control: severity -1 important

Hi!

On Sat, 2014-12-27 at 12:53:30 +0100, Jakub Wilk wrote:
> Package: arj
> Version: 3.10.22-12
> Usertags: afl

> ARJ crashes on the attached (slightly corrupted) ARJ file:
>
> $ arj t crash.arj
> ARJ32 v 3.10, Copyright (c) 1998-2004, ARJ Software Russia. [08 Aug 2014]
>
> Processing archive: crash.arj
> Archive created: 2014-12-27 10:40:05, modified: 2014-12-27 10:40:05
> Testing limerick Bad file data, CRC error!
> 1 file(s)
>
> Found 1 error(s)!
> *** Error in `arj': free(): invalid pointer: 0x00000000017e3200 ***
> Aborted

This is actually a security issue, as the invalid pointer in that free
is due to a buffer overflow write access initiated by a size read from
the processed archive.

I've fixed this and the abs path traversal bugs locally, looking into
the symlink traversal now.

Thanks,
Guillem
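
The bug class described in the message above (a write whose length comes from the archive being processed), shown as an added example that is not part of the original message and is not ARJ's code or the fix applied there. The record layout, the names `read_sized_field` and `field_status`, and the sample records are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout, for illustration only (not the ARJ format):
 *   bytes 0..1  little-endian payload size
 *   bytes 2..   payload                                                  */
enum field_status { FIELD_OK = 0, FIELD_TRUNCATED = -1, FIELD_TOO_LARGE = -2 };

/* Copy one record's payload into dst, trusting neither the declared size
 * nor the input length. On success *out_len holds the payload size.     */
int read_sized_field(const uint8_t *in, size_t in_len,
                     uint8_t *dst, size_t dst_cap, size_t *out_len)
{
    if (in_len < 2)
        return FIELD_TRUNCATED;          /* the size field itself is missing */

    size_t declared = (size_t)in[0] | ((size_t)in[1] << 8);

    /* The unsafe form is memcpy(dst, in + 2, declared) with no checks: a
     * corrupted size then writes past dst and can damage adjacent memory,
     * including pointers or allocator data that a later free() trips over. */
    if (declared > in_len - 2)
        return FIELD_TRUNCATED;          /* claims more than the input holds */
    if (declared > dst_cap)
        return FIELD_TOO_LARGE;          /* would overflow the destination */

    memcpy(dst, in + 2, declared);
    *out_len = declared;
    return FIELD_OK;
}

/* Constructed sample records. */
static const uint8_t good_record[]     = { 0x03, 0x00, 'a', 'b', 'c' };
static const uint8_t corrupt_record[]  = { 0xff, 0x7f, 'a', 'b', 'c' };
static const uint8_t oversize_record[] = { 0x06, 0x00, 'a', 'b', 'c', 'd', 'e', 'f' };

int main(void)
{
    uint8_t dst[4];
    size_t n = 0;
    printf("good:     %d\n", read_sized_field(good_record, sizeof good_record, dst, sizeof dst, &n));
    printf("corrupt:  %d\n", read_sized_field(corrupt_record, sizeof corrupt_record, dst, sizeof dst, &n));
    printf("oversize: %d\n", read_sized_field(oversize_record, sizeof oversize_record, dst, sizeof dst, &n));
    return 0;
}
```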