{
  "schema_version": "1.7.0",
  "id": "MGASA-2015-0422",
  "published": "2015-11-02T20:21:29Z",
  "modified": "2015-11-02T20:13:06Z",
  "summary": "Updated exfat-utils package fixes security vulnerabilities",
  "details": "Fix heap overflow and endless loop in exfatfsck\n\nexfat-utils is a collection of tools to work with the exFAT filesystem.\nFuzzing the exfatfsck with american fuzzy lop led to the discovery of a\nwrite heap overflow and an endless loop.\n\nEspecially at risk are systems that are configured to run filesystem\nchecks automatically on external devices like USB flash drives.\n\nA malformed input can cause a write heap overflow in the function\nverify_vbr_checksum. It might be possible to use this for code\nexecution.\n\nAnother malformed input can cause an endless loop, leading to a\npossible denial of service.\n",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://advisories.mageia.org/MGASA-2015-0422.html"
    },
    {
      "type": "REPORT",
      "url": "https://bugs.mageia.org/show_bug.cgi?id=17013"
    },
    {
      "type": "WEB",
      "url": "http://openwall.com/lists/oss-security/2015/10/24/1"
    }
  ],
  "affected": [
    {
      "package": {
        "ecosystem": "Mageia:5",
        "name": "exfat-utils",
        "purl": "pkg:rpm/mageia/exfat-utils?arch=source&distro=mageia-5"
      },
      "ranges": [
        {
          "type": "ECOSYSTEM",
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "1.1.0-3.1.mga5"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "section": "core"
      }
    }
  ],
  "credits": [
    {
      "name": "Mageia",
      "type": "COORDINATOR",
      "contact": [
        "https://wiki.mageia.org/en/Packages_Security_Team"
      ]
    }
  ]
}