It was reported [1] that libmspack crashes with SIGFPE on a crafted CHM file.

$ gpg -d < sigfpe.chm.asc > sigfpe.chm
$ test/chmd_md5 sigfpe.chm
*** sigfpe.chm
d41d8cd98f00b204e9800998ecf8427e /#ITBITS
Floating point exception

Backtrace:

#0 0x5655d37b in __divdi3 ()
#1 0x56559ebb in chmd_init_decomp (file=0x56563378, self=0x56562008) at mspack/chmd.c:1132
#2 chmd_extract (base=0x56562008, file=0x56563378, filename=0x0) at mspack/chmd.c:996
#3 0x56555c40 in main (argc=2, argv=0xffffd888) at test/chmd_md5.c:44

This crashes ClamAV scanning such a file.

Proposed patch is attached.

[1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774725
Created attachment 977814: fix-division-by-zero.diff
Created libmspack tracking bugs for this issue:

Affects: fedora-all [bug 1180178]
Affects: epel-all [bug 1180179]
Another (similar) issue was reported here:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775687

Proposed patch can be found in the Debian tracker.
libmspack-0.5-0.1.alpha.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
libmspack-0.5-0.1.alpha.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
libmspack-0.5-0.1.alpha.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
libmspack-0.5-0.1.alpha.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.
libmspack-0.5-0.1.alpha.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.
CVE assigned: http://seclists.org/oss-sec/2015/q2/691