Bug 20841 - Common Data Format CDF File Processing Vulnerabilities
Summary: Common Data Format CDF File Processing Vulnerabilities
Status: NEW
Alias: None
Product: Sisyphus
Classification: Development
Component: libcdf
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Vitaly Lipatov
QA Contact: qa-sisyphus
URL: http://www.infigo.hr/en/in_focus/advi...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-07-21 15:51 MSD by Vladimir Lettiev
Modified: 2009-07-22 00:42 MSD

Description Vladimir Lettiev 2009-07-21 15:51:24 MSD
Various memory corruption vulnerabilities have been identified during a
security audit of the CDF library. The vulnerabilities exist in the code
processing CDF files.

The vendor has addressed the vulnerabilities on 20.7.2009 with CDF
library version 3.3. The new CDF library 3.3 has a 'cdfvalidate' module
that will validate CDF files for potential malformed values.

Vulnerability discovered by Leon Juranic <leon.juranic@infigo.hr>

Other links:
http://cdf.gsfc.nasa.gov/html/CDF_v330.html
http://secunia.com/advisories/35940
Comment 1 Vitaly Lipatov 2009-07-22 00:42:32 MSD
Version 3.3 now builds only libcdf.so
instead of the previous soname; I haven't decided what to do yet.