Yasm v1.3.0.78 was found prone to NULL Pointer Dereference in /libyasm/intnum.c and /elf/elf.c, which allows the attacker to cause a denial of service via a crafted file.

https://gist.github.com/ChanStormstout/02eea9cf5c002b42b2ff3de5ca939520
https://github.com/yasm/yasm/issues/233
Created yasm tracking bugs for this issue:

Affects: epel-7 [bug 2228937]
Affects: fedora-all [bug 2228938]
The yasm security policy excludes untrusted input to yasm[1], can you please file a dispute for the CVE?

[1] https://github.com/yasm/yasm/blob/master/SECURITY.mdd
In reply to comment #4:
> The yasm security policy excludes untrusted input to yasm[1], can you please
> file a dispute for the CVE?
>
> [1] https://github.com/yasm/yasm/blob/master/SECURITY.mdd

Raised an arbitration issue with Top level Root MITRE who owns this CVE.
Fixed in: https://github.com/yasm/yasm/pull/234/commits/8a9af472a7160edf3d8ee0a994433d3c6e14cefc .