Headline
CVE-2022-28044: Fix control->suffix being deallocated as heap memory as reported by P… · ckolivas/lrzip@5faf80c
Irzip v0.640 was discovered to contain a heap memory corruption via the component lrzip.c:initialise_control.
@@ -458,7 +458,8 @@ int main(int argc, char *argv[]) if (unlikely(STDOUT)) failure(“Cannot specify an output filename when outputting to stdout\n”); control->outname = optarg; control->suffix = ""; dealloc(control->suffix); control->suffix = strdup(“”); break; case 'O’: if (control->outname) /* can’t mix -o and -O */ @@ -493,7 +494,8 @@ int main(int argc, char *argv[]) failure(“Specified output filename already, can’t specify an extension.\n”); if (unlikely(STDOUT)) failure(“Cannot specify a filename suffix when outputting to stdout\n”); control->suffix = optarg; dealloc(control->suffix); control->suffix = strdup(optarg); break; case 't’: if (control->outname)
Related news
Ubuntu Security Notice 5840-1 - It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. It was discovered that Long Range ZIP incorrectly handled pointers. If a user or an automated system were tricked into opening a certain specially crafted ZIP file, an attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.