Package: libmpfr4
Version: 3.1.2-1+b1
Severity: grave
Tags: security
Justification: user security hole

A buffer overflow may occur in mpfr_strtofr. This bug was actually discovered a year ago, and was a consequence of incorrect GMP documentation. For details, see the discussion:

  https://gmplib.org/list-archives/gmp-bugs/2013-December/003267.html

A short description of the bug and a patch (which just increases the buffer size according to the new GMP documentation) is available at:

  http://www.mpfr.org/mpfr-3.1.2/#bugs

The effects of this bug may be those of a buffer overflow. I don't know whether it can be exploitable to execute random code (I'd say that this is unlikely, but I'm not sure). I just know that a crash is possible (memory corruption detected by the glibc?) with the 32-bit ABI when alloca is disabled (alloca is not disabled by default, but note that alloca is not used in large precisions).

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libmpfr4:amd64 depends on:
ii  libc6              2.19-13
ii  libgmp10           2:6.0.0+dfsg-6
ii  multiarch-support  2.19-13

libmpfr4:amd64 recommends no packages.

libmpfr4:amd64 suggests no packages.

-- no debconf information