Index: security/vuxml/vuln.xml =================================================================== --- security/vuxml/vuln.xml (revision 388392) +++ security/vuxml/vuln.xml (working copy) @@ -57,6 +57,46 @@ --> + + testdisk -- buffer overflow with malicious disk image + + + testdisk + 7.0 + + + + +

CGSecurity TestDisk Changelog reports:

+
+

Various fix including security fix, thanks to:

+
    +
  • Coverity scan (Static Analysis of source code)

  • +
  • afl-fuzz (security-oriented fuzzer).

  • +
  • Denis Andzakovic from Security Assessment for reporting an + exploitable Stack Buffer Overflow.

  • +
+
+

Denis Andzakovic reports:

+
+

A buffer overflow is triggered within the software when a malicious + disk image is attempted to be recovered. This may be leveraged by an + attacker to crash TestDisk and gain control of program execution. An + attacker would have to coerce the victim to run TestDisk against + their malicious image.

+
+ +
+ + http://www.cgsecurity.org/wiki/TestDisk_7.0_Release + http://www.security-assessment.com/files/documents/advisory/Testdisk%20Check_OS2MB%20Stack%20Buffer%20Overflow%20-%20Release.pdf + + + 2015-04-30 + 2015-06-03 + +
+ hostapd and wpa_supplicant -- multiple vulnerabilities
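Review bot: The first quoted block in the new testdisk entry (the CGSecurity changelog excerpt) carries the Coverity scan and afl-fuzz items, which credit tooling and do not describe this vulnerability. Consider trimming that quote to the Denis Andzakovic item so the description covers only the stack buffer overflow. The references list holds just the two URLs; if a CVE identifier has been assigned for this issue, add it there so the entry can be matched against other trackers. The advisory file name in the second URL points at Check_OS2MB, and naming that in the description would make the entry easier to find and to correlate with the upstream fix.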