जमा करें #654059: Open Babel 3.1.1 / master commit 889c3501 Memory Corruptionजानकारी

शीर्षकOpen Babel 3.1.1 / master commit 889c3501 Memory Corruption
विवरणOpen Babel 3.1.1 (and the current master branch at commit 889c350) contains a vulnerability in the ZIP stream handling code (zipstreamimpl.h). When parsing certain compressed input files, the function zlib_stream::basic_unzip_streambuf<char>::underflow() invokes memcpy with overlapping source and destination buffers. Since memcpy is undefined for overlapping memory regions, this results in undefined behavior and can lead to memory corruption or a crash. A crafted input file can reliably trigger this condition, leading to denial-of-service and potentially opening the door for more severe memory corruption exploits.
स्रोत⚠️ https://github.com/openbabel/openbabel/issues/2832
उपयोगकर्ता ahuo (UID 90189)
सबमिशन14/09/2025 10:01 AM (10 महीनों पहले)
संयम25/09/2025 08:05 PM (11 days later)
स्थितिस्वीकृत
VulDB प्रविष्टि325923 [Open Babel तक 3.1.1 /src/zipstreamimpl.h underflow बफ़र ओवरफ़्लो]
अंक20

Do you need the next level of professionalism?

Upgrade your account now!