liblnk_io_handle_read_data_blocks: reading data block at offset: 2503 (0x000009c7)
liblnk_io_handle_read_data_blocks: data block size : 4
==27738== Invalid read of size 1
==27738== at 0x4593A4: liblnk_data_block_read (liblnk_data_block.c:296)
==27738== by 0x4473C3: liblnk_file_open_read (liblnk_file.c:1486)
==27738== by 0x4461C3: liblnk_file_open_file_io_handle (liblnk_file.c:627)
==27738== by 0x445F1C: liblnk_file_open (liblnk_file.c:345)
==27738== by 0x40185C: info_handle_open_input (info_handle.c:415)
==27738== by 0x404638: main (lnkinfo.c:265)
joachimmetz changed the title from "disclosed PoC files affecting liblnk" to "liblnk_io_handle_read_data_blocks does not check data size before reading 4 byte signature" on Jun 25, 2018
disclosed PoC files affecting liblnk
Per #13
Someone else also found some relevant crashes, please see http://seclists.org/fulldisclosure/2018/Jun/33
This issue was not directly reported to the liblnk project
Also looks overkill to get CVEs for minor OOB reads:
To date, no proof has been presented to back up these claims.
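The size check named in the issue title, as an added example that is not liblnk's code or the project's fix: it assumes the MS-SHLLINK extra data layout (a 4-byte little-endian size that includes itself, then a 4-byte signature, with a size below 4 as the terminal block). `walk_data_blocks`, `le32` and the sample buffers are hypothetical names and constructed inputs.

```c
#include <stddef.h>
#include <stdint.h>

/* Read a little-endian 32-bit value; caller guarantees 4 readable bytes. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/*
 * Walk the data blocks in buf[0..len). Assumed layout per block:
 *   uint32 size (includes these 4 bytes), uint32 signature, payload.
 * Returns the number of blocks walked and stores the last signature
 * seen in *last_sig, or returns -1 on malformed or truncated input.
 */
int walk_data_blocks(const uint8_t *buf, size_t len, uint32_t *last_sig)
{
    size_t off = 0;   /* invariant: off <= len */
    int count = 0;

    for (;;) {
        if (len - off < 4)        /* no room for the size field */
            return -1;
        uint32_t size = le32(buf + off);
        if (size < 4)             /* terminal block ends the list */
            return count;
        if (size < 8)             /* size 4..7: signature would be out of bounds */
            return -1;
        if (size > len - off)     /* block claims more bytes than remain */
            return -1;
        *last_sig = le32(buf + off + 4);
        off += size;
        count++;
    }
}

/* Constructed sample: one 8-byte block, then a terminal block. */
const uint8_t sample_ok[] = {
    0x08, 0x00, 0x00, 0x00,  0x03, 0x00, 0x00, 0xA0,
    0x00, 0x00, 0x00, 0x00
};

/* Constructed sample mirroring the trace above: data block size 4 at end of input. */
const uint8_t sample_size4[] = { 0x04, 0x00, 0x00, 0x00 };
```

A block size of 4 covers only the size field itself, so a reader that goes on to fetch the signature touches bytes the block does not own; rejecting sizes 4 through 7 closes that gap.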