Skip to content

CVE-2017-15953 & CVE-2017-15954: heap-based buffer overflow and crash when processing a malformed CUE file. #1

Closed
@hessu

Description

@hessu

bchunk 1.2.0 is vulnerable to a heap-based buffer overflow and crash when processing a malformed CUE file.

Fix committed in 6a053c1 provided by Yegor Timoshenko. Fixed in version 1.2.2.

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15954
https://www.debian.org/security/2017/dsa-4026

Metadata

Metadata

Assignees

Labels

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions