I see that the severity of this issue has been lowered from important to
normal, and that the assessment in the Debian Security tracker reads:
[bookworm] - raptor2 (Minor issue, revisit when fixed upstream)
At the same time, I see that LibreOffice has patched its vendored raptor
library [1
In the first message there is a typo in the PoC for vulnerability #2.
Where it reads:
### 2.1 Steps to reproduce
`rapper -i turtle heap_read_overflow.poc`
Contents of `heap_read_overflow.poc`:
```
_:/exaple/o
```
It should read:
### 2.1 Steps to reproduce
`rapper -i nquads heap_read_overf
I rewrote a bit of the first issue to better understand it, and also
provide a patch:
## 1. Integer Underflow in `raptor_uri_normalize_path()`
There's an integer underflow in a path length calculation in
`raptor_uri_normalize_path()`.
This can be triggered by running the PoC below:
```
util
```
Package: libraptor2-0
X-Debbugs-Cc: ped...@gmail.com, Debian Security Team
Version: 2.0.15-4
Severity: grave
Justification: user security hole
Tags: patch upstream security
Hi,
Following in Hanno Bock's footsteps [1], I decided to fuzz libraptor2
[2][3] and after a few days found a couple of