3 matches found
OSV-2017-13 Heap-buffer-overflow in File::Write
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=4293 Crash type: Heap-buffer-overflow READ Crash state: File::Write ComprDataIO::UnpWrite CmdExtract::UnstoreFile...
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption Source: https://code.google.com/p/google-security-research/issues/detail?id=550 The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32bit integer. Perhaps...
Rar - CmdExtract::UnstoreFile Integer Truncation Memory Corruption
Source: https://code.google.com/p/google-security-research/issues/detail?id=550 The attached file crashes in CmdExtract::UnstoreFile because the signed int64 DestUnpSize is truncated to an unsigned 32bit integer. Perhaps CmdExtract::ExtractCurrentFile should sanity check Arc.FileHead.UnpSize earl...