Go to:
Gentoo Home
Documentation
Forums
Lists
Bugs
Planet
Store
Wiki
Get Gentoo!
Gentoo's Bugzilla – Attachment 474572 Details for
Bug 620008
<app-arch/p7zip-16.02-r3: Denial of Service vulnerability affects the 16.02 and many old versions of p7zip (null pointer check)
Home
|
New
–
[Ex]
|
Browse
|
Search
|
Privacy Policy
|
[?]
|
Reports
|
Requests
|
Help
|
New Account
|
Log In
[x]
|
Forgot Password
Login:
[x]
[patch]
p7zip-16.02-CVE-2016-9296.patch
p7zip-16.02-CVE-2016-9296.patch (text/plain), 1.00 KB, created by
Andrey Ovcharov
on 2017-05-28 12:18:09 UTC
(
hide
)
Description:
p7zip-16.02-CVE-2016-9296.patch
Filename:
MIME Type:
Creator:
Andrey Ovcharov
Created:
2017-05-28 12:18:09 UTC
Size:
1.00 KB
patch
obsolete
>p7zip: Avoid crashing while decoding certain malformed input > >https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9296 >https://sourceforge.net/p/p7zip/bugs/185/#32aa >https://sourceforge.net/p/p7zip/discussion/383043/thread/648d34db >https://trac.macports.org/ticket/52982 > >Check whether folders.PackPositions is nonnull before accessing it. Fix >developed by Igor Pavlov. > >Upstream-Status: Backport [7-Zip 16.03 for Windows] >CVE: CVE-2016-9296 >Signed-off-by: Lawrence Velázquez <larryv@macports.org> > >Index: CPP/7zip/Archive/7z/7zIn.cpp >=================================================================== >--- CPP/7zip/Archive/7z/7zIn.cpp.orig >+++ CPP/7zip/Archive/7z/7zIn.cpp >@@ -1097,7 +1097,8 @@ HRESULT CInArchive::ReadAndDecodePackedS > if (CrcCalc(data, unpackSize) != folders.FolderCRCs.Vals[i]) > ThrowIncorrect(); > } >- HeadersSize += folders.PackPositions[folders.NumPackStreams]; >+ if (folders.PackPositions) >+ HeadersSize += folders.PackPositions[folders.NumPackStreams]; > return S_OK; > } >
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=474572">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 620008
: 474572
