oss-sec mailing list archives
Re: CVE-2016-9584: heap use-after-free on libical
From: Raphael Hertzog <hertzog () debian org>
Date: Fri, 20 Jan 2017 12:26:04 +0100
Hello,

On Thu, 15 Dec 2016, Agustin Mista wrote:
> We found a heap use-after-free in a recent revision of libical (f3688b444f820cecf51b1539b0856a392c0fdb0f), using a specially crafted ics file. This bug looks particularly dangerous since it allows to read a big chunk of the heap memory.

I see you reported multiple bugs on github's libical issues page:
https://github.com/libical/libical/issues/251
https://github.com/libical/libical/issues/252
https://github.com/libical/libical/issues/253

Looking at the backtrace, it seems that #253 is the same as this one. Do you confirm?

Any reason why you did not request a CVE for #251?

> It is worth to mention there is a very similar bug found (CVE-2016-5824) on the libical version used by Thunderbird but we think is *not* the same as this one. In fact, we've tested it on Thunderbird and it does *not* crash. The reproducer is available upon request.

#253 has a reproducer here:
https://github.com/libical/libical/files/627392/heap-use-after-free.ical.txt

Is this the same file? If it's a different file, then I'd like to have access to the file but I would prefer if it was just available publicly and not to me only.

Cheers,
--
Raphaël Hertzog ◈ Debian Developer

Support Debian LTS: http://www.freexian.com/services/debian-lts.html
Learn to master Debian: http://debian-handbook.info/get/