Note:
This project will be discontinued after December 13, 2021. [more]
2016-03-30
Integer overflow in the isofs_real_read_zf function in isofs.c in FuseISO 20070708 might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a large ZF block size in an ISO file, leading to a heap-based buffer overflow.
| Products | Fedora, Fuseiso |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• http://www.openwall.com/lists/oss-security/2015/02/06/7
• http://www.debian.org/security/2016/dsa-3551 • https://bugzilla.redhat.com/show_bug.cgi?id=863102 • https://bugzilla.redhat.com/show_bug.cgi?id=861358 • http://www.openwall.com/lists/oss-security/2015/02/23/9 |