Multiple vulnerabilities were found in dosfstools. The variable used for storing the FAT size (in bytes) was an unsignedint. Since the size in sectors read from the BPB was not sufficiently checked, this could end up being zero after multiplying it with the sector size while some offsets still stayed excessive. Ultimately it would cause segfaults when accessing FAT entries for which no memory was allocated. External references: https://github.com/dosfstools/dosfstools/issues/25 https://github.com/dosfstools/dosfstools/issues/26 https://blog.fuzzing-project.org/44-dosfstools-fsck.vfat-Several-invalid-memory-accesses.html Upstream fix: https://github.com/dosfstools/dosfstools/commit/e8eff147e9da1185f9afd5b25948153a3b97cf52
Created dosfstools tracking bugs for this issue: Affects: fedora-all [bug 1337499]
dosfstools-3.0.28-3.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
dosfstools-3.0.28-3.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
dosfstools-3.0.27-2.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.