An issue in MiniZinc before 2.8.0 allows a NULL pointer dereference via ti_expr in a crafted .mzn file. NOTE: this is disputed because there is no common libminizinc use case in which an unattended process is supposed to run forever to process a series of atttacker-controlled .mzn files.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | minizinc | <= 2.6.4+dfsg1-1 | minizinc_2.6.4+dfsg1-1_all.deb |
Debian | 11 | all | minizinc | <= 2.5.3+dfsg1-1 | minizinc_2.5.3+dfsg1-1_all.deb |
Debian | 10 | all | minizinc | <= 2.1.7+dfsg1-1 | minizinc_2.1.7+dfsg1-1_all.deb |
Debian | 999 | all | minizinc | < 2.8.2+dfsg1-1 | minizinc_2.8.2+dfsg1-1_all.deb |
Debian | 13 | all | minizinc | < 2.8.2+dfsg1-1 | minizinc_2.8.2+dfsg1-1_all.deb |