Updated exfat-utils package fixes security vulnerabilities
Publication date: 02 Nov 2015Modification date: 02 Nov 2015
Type: security
Affected Mageia releases : 5
Description
Fix heap overflow and endless loop in exfatfsck exfat-utils is a collection of tools to work with the exFAT filesystem. Fuzzing the exfatfsck with american fuzzy lop led to the discovery of a write heap overflow and an endless loop. Especially at risk are systems that are configured to run filesystem checks automatically on external devices like USB flash drives. A malformed input can cause a write heap overflow in the function verify_vbr_checksum. It might be possible to use this for code execution. Another malformed input can cause an endless loop, leading to a possible denial of service.
References
SRPMS
5/core
- exfat-utils-1.1.0-3.1.mga5