oss-sec mailing list archives

CVE Request: file: crashes when checking softmagic for some corrupt PE executables
From: Salvatore Bonaccorso <carnil () debian org>
Date: Mon, 3 Mar 2014 23:32:12 +0100


file can be made to crash when checking some corrupt PE executables,
and so could be used to mount a denial of service for file, or an
application using file/libmagic.

Upstream bug report: http://bugs.gw.com/view.php?id=313

Some corrupt PE executables contain invalid offset information in
their internal directories that libmagic attempts to follow and run
string searches on. mcopy() does not do bounds checking on the
indirect offset read from the file and sets up ms->search with invalid
pointers and lengths.

The offending line in my case in the msdos magic file is 121:
(&0x0f.l+(-4)) search/0x3000 MSCF \b, InstallShield self-extracting archive

The offset read indirectly was invalid and its bounds were not checked
in mcopy.

Upstream has fixed this with the following commit:


Can a CVE be assigned for this issue?
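
The kind of check the message says was missing, as an added C example that is neither libmagic's code nor the upstream fix: an offset read indirectly from the file is validated against the buffer before the search pointer and length are set. The names search_window, read_le32 and setup_search and the sample bytes are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical search window: stands in for the pointer/length pair a
 * scanner hands to its string search. Not libmagic's own structure. */
struct search_window {
    const unsigned char *s;
    size_t len;
};

/* Read a little-endian 32-bit value at pos; fail if it runs past the buffer. */
static int read_le32(const unsigned char *buf, size_t nbytes, size_t pos, uint32_t *out)
{
    if (nbytes < 4 || pos > nbytes - 4)
        return -1;
    *out = (uint32_t)buf[pos] | (uint32_t)buf[pos + 1] << 8 |
           (uint32_t)buf[pos + 2] << 16 | (uint32_t)buf[pos + 3] << 24;
    return 0;
}

/* Follow the indirect offset stored at pos, apply the signed adjustment adj,
 * and set up a search of at most range bytes. Returns -1 on a bad offset. */
int setup_search(const unsigned char *buf, size_t nbytes, size_t pos,
                 int32_t adj, size_t range, struct search_window *w)
{
    uint32_t raw;
    int64_t off;
    w->s = NULL; w->len = 0;             /* never leave a stale window behind */
    if (read_le32(buf, nbytes, pos, &raw) != 0)
        return -1;
    off = (int64_t)raw + adj;            /* 64-bit math: no wraparound */
    if (off < 0 || (uint64_t)off >= nbytes)
        return -1;                       /* corrupt offset: reject, do not search */
    w->s = buf + (size_t)off;
    w->len = nbytes - (size_t)off;       /* bytes actually available */
    if (w->len > range)
        w->len = range;                  /* clamp to the requested search range */
    return 0;
}

int main(void)
{
    /* Constructed 16-byte sample: offset field at 0 holds 0x0C, "MSCF" at 8. */
    unsigned char ok[16] = { 0x0C, 0, 0, 0, 0, 0, 0, 0, 'M', 'S', 'C', 'F' };
    struct search_window w;
    printf("%d\n", setup_search(ok, sizeof ok, 0, -4, 0x3000, &w));
    return 0;
}
```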

