From https://bugzilla.redhat.com/show_bug.cgi?id=1465040: An integer overflow vulnerability in ptp-pack.c (ptp_unpack_OPL function) of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. Upstream bug report: https://sourceforge.net/p/libmtp/mailman/message/35727918/ From https://bugzilla.redhat.com/show_bug.cgi?id=1465038: An integer overflow vulnerability in the ptp_unpack_EOS_CustomFuncEx function of the ptp-pack.c file of libmtp (version 1.1.12 and below) allows attackers to cause a denial of service (out-of-bounds memory access) or maybe remote code execution by inserting a mobile device into a personal computer through a USB cable. Upstream bug report: https://sourceforge.net/p/libmtp/mailman/message/35727918/ @maintainer(s): since the fixed package is already in the tree, please let us know if it is ready for the stabilization or not.
@ Arches, please test and mark stable: =media-libs/libmtp-1.1.13
ia64 stable
arm stable
amd64 stable
x86 stable
ppc64 stable
ppc stable
hppa stable
Thank you all. GLSA Request filed. Please proceed to clean up the tree.
I couldn't find a PoC of Remote Code Execution, and i don't know if having local access to plug the device is considered "remote by enticing" attack. Downgrading to B3 because of the DoS. Security please vote: GLSA Request Vote: No
@sound, can this be cleaned?
Tree is clean: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=0a675141ca41b8533e16d8f513129d5c592d993f Coordinated with Soap via IRC.
