lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Mon, 23 Apr 2012 08:42:03 +0100 From: Carlo Di Dato <shinnai@...istici.org> To: seclists <full-disclosure@...ts.grok.org.uk> Subject: SumatraPDF v2.0.1 chm and mobi files memory corruption SumatraPDF si absolutely my favourite reader. It’s stable, secure, open source and offers the opportunity to read a lot of formats including .chm and. mobi files. Unfortunately there is the possibility, crafting these files, to cause a memory corruption which could lead into arbitrary code esecution. Info: http://didasec.wordpress.com/2012/04/23/sumatrapdf-v2-0-1-chm-and-mobi-files-memory-corruption/ http://code.google.com/p/sumatrapdf/issues/detail?id=1906 PoC: http://shinnai.altervista.org/exploits/SH-017-20120423.html Patch: http://code.google.com/p/sumatrapdf/source/detail?r=6381 http://code.google.com/p/sumatrapdf/source/detail?r=6383 Be safe _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists