mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. External References: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty/
Created mgetty tracking bugs for this issue: Affects: fedora-29 [bug 1739376]
Created attachment 1652882 [details] Upstream patch
Upstream patch for this issue (attached): commit 0162663ed5f45209792995b54e36424334ee46da Author: Gert Doering <gert.de> Date: Thu Sep 6 23:14:49 2018 +0200 Fix invalid lseek() leading to infinite loop in g32pbm Commit 3ab78bddf4 "cleaned up code", supposedly replacing the magic constant "1" with "SEEK_CUR" in the lseek() call used for file pointer reporting on code violations. Unfortunately this was mistyped in the actual code change as "SEEK_SET", thus rewinding the file to start on each G3 decoding error -> endless loop. Issue found and reported by Eric Sesterhenn <eric.sesterhenn> Signed-off-by: Gert Doering <gert.de>