Bug#1067896: Update

To: 1067896@bugs.debian.org
Subject: Bug#1067896: Update
From: Pedro Ribeiro <pedrib@gmail.com>
Date: Fri, 27 Dec 2024 12:36:05 +0000
Message-id: <[🔎] 75700352-8912-4db5-ad7a-d02808e67fc5@gmail.com>
Reply-to: Pedro Ribeiro <pedrib@gmail.com>, 1067896@bugs.debian.org
References: <6cfb8b92-47e6-4b03-acd0-7be7d9210fa6@gmail.com>

In the first message there is a typo on the PoC for vulnerability #2. Where it reads:

### 2.1 Steps to reproduce

`rapper -i turtle heap_read_overflow.poc`

Contents of `heap_read_overflow.poc`:

```
_:/exaple/o
```


It should read:

### 2.1 Steps to reproduce

`rapper -i nquads heap_read_overflow.poc`

Contents of `heap_read_overflow.poc`:

```
_:/exaple/o
```

This second vulnerability is on the nquads parser, not the turtle as the first one.



I've verified both vulnerabilities are still open and the PoC work on the latest git e4285ae. I have published the write-up / PoC at my repo https://github.com/pedrib/PoC/blob/master/fuzzing/raptor-fuzz.md and I have also requested a CVE, will update here when CVE numbers are issued.


Regards,
Pedro

Reply to:

Prev by Date: Bug#1082830: unpaper: sometimes the data loss happens even for 300dpi pages
Next by Date: Processing of x52pro_0.1.1-7_source.changes
Previous by thread: Bug#1082830: unpaper: sometimes the data loss happens even for 300dpi pages
Next by thread: Processing of x52pro_0.1.1-7_source.changes
Index(es):
- Date
- Thread