Bug 552628 (CVE-2015-3205) - dev-libs/libmimedir: RCE via VCF file (CVE-2015-3205)
Summary: dev-libs/libmimedir: RCE via VCF file (CVE-2015-3205)
Status: RESOLVED FIXED
Alias: CVE-2015-3205
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal trivial
Deadline: 2017-07-05
Assignee: Gentoo Security
URL:
Whiteboard: ~2 [noglsa cve]
Keywords:
Depends on:
Blocks:
 
Reported: 2015-06-20 13:38 UTC by GLSAMaker/CVETool Bot
Modified: 2017-07-16 20:43 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2015-06-20 13:38:05 UTC
CVE-2015-3205 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3205):
  libmimedir allows remote attackers to execute arbitrary code via a VCF file
  with two NULL bytes at the end of the file, related to "free" function calls
  in the "lexer's memory clean-up procedure."
Comment 1 Aaron Bauman (RETIRED) gentoo-dev 2016-12-02 11:08:16 UTC
(1) rdep:

 * These packages depend on dev-libs/libmimedir:
dev-libs/librra-0.16 (>=dev-libs/libmimedir-0.5.1)

 * These packages depend on dev-libs/librra:


Please consider both packages for tree cleaning.
Comment 2 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-06-05 16:17:15 UTC
# Michał Górny <mgorny@gentoo.org> (05 Jun 2017)
# (on behalf of Treecleaner project)
# Unmaintained in Gentoo. Security vulnerability.
# Removal in 30 days. Bug #552628.
dev-libs/libmimedir
Comment 3 Michał Górny archtester Gentoo Infrastructure gentoo-dev Security 2017-07-05 12:33:06 UTC
commit f5c7846422b1e0fbcc48dd275259859a0bf5a3ed
Author:     Michał Górny <mgorny@gentoo.org>
AuthorDate: Wed Jul 5 14:12:45 2017
Commit:     Michał Górny <mgorny@gentoo.org>
CommitDate: Wed Jul 5 14:25:54 2017

    dev-libs/libmimedir: Remove last-rited pkg, #552628