Comments (9)
I guess the failure happens in lzo_decompress_buf
from lrzip.
CVE-2017-8845 was assigned http://seclists.org/oss-sec/2017/q2/233.
from lrzip.
Error -6 is LZO_E_LOOKBEHIND_OVERRUN
.
from lrzip.
Is there an upstream-blessed patch yet? :)
from lrzip.
I don't have time to look at any of these at the moment I'm afraid. One day...
from lrzip.
Can't seem to reproduce with lzop
:
$ file ~/Downloads/00230-lrzip-invalidread-lzo1x_decompress.lzo
/home/lamby/Downloads/00230-lrzip-invalidread-lzo1x_decompress.lzo: LRZIP compressed data - version 0.6
$ lzop -d ~/Downloads/00230-lrzip-invalidread-lzo1x_decompress.lzo
lzop: /home/lamby/Downloads/00230-lrzip-invalidread-lzo1x_decompress.lzo: not a lzop file
from lrzip.
Fixed.
from lrzip.
@ckolivas Thanks. Which commit was this fixed in? I see a bunch of semi-related ones.. :)
from lrzip.
from lrzip.
Related Issues (20)
- How to read the output HOT 1
- lrzip -t file.lrz fails when run from write-protected dir
- Streaming issue "No space left on device" in lrzip 0.651 HOT 1
- "Warning, low memory for chosen compression settings" for small target files HOT 12
- lrzip 0.651 test issue HOT 3
- Use of uninitialized memory bug HOT 1
- 41e8014 Add a -Q/--very-quiet option: Suppresses INFO. It shouldn't
- memory error in fill_buffer lrzip/stream.c HOT 1
- ZPAQ Segfault with incompressible blocks
- lrztar shows spurious "illegal option" with long options HOT 4
- heap-buffer-overflow in libzpaq/libzpaq.cpp:1208:25 libzpaq::PostProcessor::write(int) HOT 3
- Issue with -p or --threads HOT 12
- Incomplete fix of Issue #206 makes use-after-free still possible HOT 4
- "Unable to allocate enough memory for operation" on x86 when 10 threads are used. HOT 1
- Unable to stat file error on broken symlinks HOT 2
- Suggestion to support encrypted Stdin/Stdout when password provided on command line
- CPU detection does not account for CPU affinity HOT 8
- autoconf generates warnings on deprecated macros
- autoreconf: not found
- Makefile.am:34: error: Libtool library used but 'LIBTOOL' is undefined HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from lrzip.