mailing list archives
CVE Request: file: crashes when checking softmagic for some corrupt PE executables
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 3 Mar 2014 23:32:12 +0100
file can be made to crash when checking some corrupt PE executables,
and so could be used to mount a denial of service for file, or an
application using file/libmagic.
Upstream bugreport: http://bugs.gw.com/view.php?id=313
Some corrupt PE executables contain invalid offset information in
their internal directories that libmagic attempts to follow and run
string searches on. mcopy() does not do bounds checking on the
indirect offset read from the file and sets up ms->search with invalid
pointers and lengths.
The offending line in my case is the msdos magic file is 121:
(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive
The offset read indirectly was invalid and its bounds were not checked
Upstream has fixed this with following commit:
Can a CVE be assigned for this issue?
- CVE Request: file: crashes when checking softmagic for some corrupt PE executables Salvatore Bonaccorso (Mar 03)