Opened 10 years ago

Closed 10 years ago

#5210 closed enhancement (fixed)

lzo-2.07

Reported by: Igor Živković
Owned by: Igor Živković
Priority: normal
Milestone: 7.6
Component: BOOK
Version: SVN
Severity: normal
Keywords:
Cc:

Description

Changes in 2.07 (25 Jun 2014)
  * Fixed a potential integer overflow condition in the "safe" decompressor
    variants which could result in a possible buffer overrun when
    processing maliciously crafted compressed input data.

    As this issue only affects 32-bit systems and also can only happen if
    you use uncommonly huge buffer sizes where you have to decompress more
    than 16 MiB (2^24 bytes) compressed bytes within a single function call,
    the practical implications are limited.

    POTENTIAL SECURITY ISSUE.

  * Removed support for ancient configurations like 16-bit "huge" pointers -
    LZO now requires a flat 32-bit or 64-bit memory model.
  * Assorted cleanups.
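
The overflow class described in the first changelog item, as an added example (not LZO's code and not part of the ticket): a 32-bit length accumulator fed by just over 16 MiB of input reaches a value where a "safe" bounds test that adds a small constant wraps to zero and passes. The length encoding (each zero byte adds 255), the function names and the `HEADROOM` constant are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define HEADROOM 511u /* illustrative margin covering later small additions */

/* Decode a run length: every zero byte adds 255, the first non-zero byte
 * ends the run and is added too. t is 32 bits wide, like a size type on a
 * 32-bit target. With checked != 0 the accumulator is range-tested per step.
 * Returns 0 on success, -1 on truncated input or a rejected length. */
int decode_run_len(const uint8_t *ip, size_t in_len, int checked, uint32_t *t_out)
{
    const uint8_t *end = ip + in_len;
    uint32_t t = 0;
    while (ip < end && *ip == 0) {
        t += 255u;
        ip++;
        if (checked && t > UINT32_MAX - HEADROOM)
            return -1;
    }
    if (ip == end) return -1;
    *t_out = t + *ip;
    return 0;
}

/* Weak "safe" test: t + 3 is evaluated in 32 bits and wraps for huge t. */
int out_check_weak(uint32_t t, uint32_t out_space) { return (uint32_t)(t + 3u) <= out_space; }

/* Sound test: no arithmetic is performed on the untrusted value. */
int out_check_sound(uint32_t t, uint32_t out_space) { return out_space >= 3u && t <= out_space - 3u; }

/* Constructed input: `zeros` zero bytes followed by one terminator byte. */
uint8_t *make_input(size_t zeros, uint8_t last)
{
    uint8_t *buf = calloc(zeros + 1, 1);
    if (buf) buf[zeros] = last;
    return buf;
}

int main(void)
{
    uint32_t t = 0;
    uint8_t *in = make_input(16843008u, 253); /* about 16.06 MiB of input */
    if (!in || decode_run_len(in, 16843009u, 0, &t)) return 1;
    printf("t=%lu weak=%d sound=%d\n", (unsigned long)t, out_check_weak(t, 64), out_check_sound(t, 64));
    printf("checked decoder returns %d\n", decode_run_len(in, 16843009u, 1, &t));
    free(in);
    return 0;
}
```

On a 64-bit size type the same input leaves the accumulator far from its maximum, which is consistent with the changelog's statement that only 32-bit systems are affected.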

Change History (2)

comment:1 by Igor Živković, 10 years ago

Owner: changed from blfs-book@… to Igor Živković
Status: new → assigned

comment:2 by Igor Živković, 10 years ago

Resolution: fixed
Status: assigned → closed

Fixed at r13326.
