Re: [bug-unrtf] out-of-bounds memory access in unrtf
From: Jean-Francois Dockes
Subject: Re: [bug-unrtf] out-of-bounds memory access in unrtf
Date: Sun, 7 Dec 2014 18:11:02 +0100

Michal Zalewski writes:
> Looks like this package is no longer maintained, but reporting just
> for posterity: there seems to be a bug that probably makes it
> dangerous to convert untrusted RTFs:
>
> $ echo '{\cb-999999999' >x
> $ unrtf x
>
> This leads to segv while accessing a pointer that is essentially
> within attacker's control.
This is fixed by this change:
https://bitbucket.org/medoc/unrtf-int/commits/b0cef89a170a66bc48f8dd288ce562ea8ca91f7a
Hopefully Dave Davey who is the current maintainer, as far as I know, will
apply it.
Cheers,
J.F. Dockes
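
The numeric parameter of a control word like the one in the report is signed and comes straight from the input file, so if it is used as a table index it needs a range check first. The sketch below is an added illustration, not unrtf's code and not the linked fix; `color_table`, `MAX_COLORS`, `add_color`, `parse_param` and `lookup_background` are assumed names.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_COLORS 256                 /* assumed capacity */

typedef struct { unsigned char r, g, b; } Color;
static Color color_table[MAX_COLORS];
static int total_colors = 0;           /* entries actually defined so far */

/* Append a color; returns its index, or -1 when the table is full. */
int add_color(unsigned char r, unsigned char g, unsigned char b)
{
    if (total_colors >= MAX_COLORS) return -1;
    color_table[total_colors] = (Color){ r, g, b };
    return total_colors++;
}

/* Parse the signed decimal parameter of "\<name><N>"; 0 on success, -1 otherwise. */
int parse_param(const char *word, const char *name, int *out)
{
    size_t n = strlen(name);
    char *end;
    long v;
    if (word[0] != '\\' || strncmp(word + 1, name, n) != 0) return -1;
    errno = 0;
    v = strtol(word + 1 + n, &end, 10);
    if (end == word + 1 + n || *end != '\0') return -1;      /* no digits / trailing junk */
    if (errno == ERANGE || v < INT_MIN || v > INT_MAX) return -1;
    *out = (int)v;
    return 0;
}

/* Resolve "\cbN" to a table entry; NULL unless 0 <= N < total_colors. */
const Color *lookup_background(const char *word)
{
    int idx;
    if (parse_param(word, "cb", &idx) != 0) return NULL;
    if (idx < 0 || idx >= total_colors) return NULL;
    return &color_table[idx];
}

int main(void)
{
    add_color(255, 0, 0);
    printf("%s\n", lookup_background("\\cb-999999999") ? "accepted" : "rejected");
    return 0;
}
```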