Activity for Andrea Fioraldi

  • Andrea Fioraldi modified ticket #1

    test

  • Andrea Fioraldi modified ticket #1

    test

  • Andrea Fioraldi created ticket #1

    test

  • Andrea Fioraldi posted a comment on ticket #119

    You can refer to this bug using CVE-2019-15540 in the next release changelog.

  • Andrea Fioraldi modified a comment on ticket #119

    Ok ty for the quick fix. When you think it is appropriate, could you make this ticket public? I've requested a CVE cause I found the bug using my fuzzer and I'm going to submit a paper about such fuzzer in a security conference. The motivation of the CVE request is simply that reviewers like a list of CVEs (yes this is not so academic but I don't decide the rules). If you have never used a fuzzer and you want to automatically find similar bugs in the future, I can share with you my fuzzing setup for...

  • Andrea Fioraldi posted a comment on ticket #119

    Ok ty for the quick fix. When you think it appropriate, could you make this ticket public? I've requested a CVE cause I found the bug using my fuzzer and I'm going to submit a paper about such fuzzer in a security conference. The motivation of the CVE request is simply that reviewers like a list of CVEs (yes this is not so academic but I don't decide the rules). If you have never used a fuzzer and you want to automatically find similar bugs in the future, I can share with you my fuzzing setup for...

  • Andrea Fioraldi posted a comment on ticket #119

    If you need further details (the patch is quite naive) don't hesitate to ask.

  • Andrea Fioraldi created ticket #119

    Critical vulnerability in the CSO filter

  • Andrea Fioraldi modified a comment on ticket #118

    Well formatted patch (SourceForge interpreted the patch as hypertext in the issue text): --- parser_old.c 2019-08-23 20:28:29.036521000 +0200 +++ parser.c 2019-08-23 20:34:24.236933435 +0200 @@ -988,6 +988,14 @@ is a MTYP block provided */ mirage_disc_set_medium_type(self->priv->disc, MIRAGE_MEDIUM_CD); + /* Length integrity check */ + if (self->priv->nrg_data_length == 0) { + MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: rg_data_length must be greater than 0!\n", __debug__); + g_set_error(error,...
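
    Review bot: the warning string in the added MIRAGE_DEBUG call reads "rg_data_length must be greater than 0!", while the field tested on the line above it is nrg_data_length; correct the message so that a log search for the field name finds it. The visible part of the hunk stops at g_set_error(error,..., so it cannot be confirmed from here that the branch returns failure after setting the error; it should return there rather than fall through to the code that consumes the length.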

  • Andrea Fioraldi posted a comment on ticket #118

    Well formatted patch (SourceForge interpreted the patch as hypertext in the issue text): --- parser_old.c 2019-08-23 20:28:29.036521000 +0200 +++ parser.c 2019-08-23 20:34:24.236933435 +0200 @@ -988,6 +988,14 @@ is a MTYP block provided */ mirage_disc_set_medium_type(self->priv->disc, MIRAGE_MEDIUM_CD); + /* Length integrity check */ + if (self->priv->nrg_data_length == 0) { + MIRAGE_DEBUG(self, MIRAGE_DEBUG_WARNING, "%s: rg_data_length must be greater than 0!\n", __debug__); + g_set_error(error,...

  • Andrea Fioraldi created ticket #118

    Null Pointer Dereference in libmirage 3.2.2

  • Andrea Fioraldi committed [ec4578]

    Initial commit

  • Andrea Fioraldi committed [10a42f]

    Initial commit
