From d14d17c5eb4cde9e749cac3953534d053f1591b8 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Fri, 11 Feb 2022 10:37:59 +0000 Subject: CVE-2018-1143{2-8}/libmobi tested in sid 0.9+dfsg1-1 provides the mobitool binary that is described in the CVE disclosure. The poc.zip provides test ebooks to prompt failures. Each test produced either an error code or a normal operation instead of the described crashes. --- data/CVE/list.2018 | 21 +++++++-------------- 1 file changed, 7 insertions(+), 14 deletions(-) (limited to 'data/CVE/list.2018') diff --git a/data/CVE/list.2018 b/data/CVE/list.2018 index e94f8d9431..1e529a7393 100644 --- a/data/CVE/list.2018 +++ b/data/CVE/list.2018 
@@ -26275,33 +26275,26 @@ CVE-2018-11439 (The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in NOTE: Pull request: https://github.com/taglib/taglib/pull/869 NOTE: Upstream fix: https://github.com/taglib/taglib/commit/2c4ae870ec086f2ddd21a47861a3709c36faac45 CVE-2018-11438 (The mobi_decompress_lz77 function in compression.c in Libmobi 0.3 allo ...) - - libmobi + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11437 (The mobi_reconstruct_parts function in parse_rawml.c in Libmobi 0.3 al ...) - - libmobi + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11436 (The buffer_addraw function in buffer.c in Libmobi 0.3 allows remote at ...) - - libmobi + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11435 (The mobi_decompress_huffman_internal function in compression.c in Libm ...) - - libmobi + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11434 (The buffer_fill64 function in compression.c in Libmobi 0.3 allows remo ...) - - libmobi + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11433 (The mobi_get_kf8boundary_seqnumber function in util.c in Libmobi 0.3 a ...) - - libmobi + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11432 (The mobi_parse_mobiheader function in read.c in Libmobi 0.3 allows rem ...) 
- - libmobi + - libmobi 0.9+dfsg1-1 NOTE: https://seclists.org/fulldisclosure/2018/May/48 - TODO: check, likely fixed before initial Upload to Debian CVE-2018-11431 RESERVED CVE-2018-11430 (An issue was discovered in the Moderator Log Notes plugin 1.1 for MyBB ...) -- cgit v1.2.3
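Review bot: In all seven entries of this hunk (CVE-2018-11432 through CVE-2018-11438) the `TODO: check, likely fixed before initial Upload to Debian` line is dropped and `0.9+dfsg1-1` is recorded as the fixed version, but the evidence for that version exists only in the commit message. Consider adding a NOTE line to each entry, for example `NOTE: PoC from the disclosure tested with mobitool 0.9+dfsg1-1, no crash`, so the tracker itself shows that the version comes from PoC testing in sid and not from an identified upstream fix commit. The commit message reports an error code or normal operation for each test but does not give the test conditions (for instance whether a memory checker was used), and a PoC that no longer crashes does not by itself identify where the fix landed, so recording those conditions would help later readers weigh the result. If 0.9+dfsg1-1 is also the first version uploaded to Debian, saying so in the note would preserve the point the removed TODO was making.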