Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
signed integer overflow in iso parser #717
The attached malformed iso file (packed as zip, because github limits attachment file types) will cause a signed integer overflow when passed to "bsdtar -tf [infile]" (tested with libarchive 3.2.0). This can be seen with undefined behavior sanitizer (compile with -fsanitize=undefined in CFLAGS/LDFLAGS).
This was found with the help of american fuzzy lop.
According to the Debian security issue tracker, this is https://security-tracker.debian.org/tracker/CVE-2016-5844 .