FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

libetpan -- null dereference vulnerability in MIME parsing component

Affected packages
libetpan < 1.8

Details

VuXML ID 57600032-34fe-11e7-8965-bcaec524bf84
Discovery 2017-04-29
Entry 2017-05-09

rwhitworth reports:

I was using American Fuzzy Lop (afl-fuzz) to fuzz input to the mime-parse test program. Is fixing these crashes something you're interested in? The input files can be found here: https://github.com/rwhitworth/libetpan-fuzz/. The files can be executed as ./mime-parse id_filename to cause seg faults.

References

CVE Name CVE-2017-8825
URL http://cve.circl.lu/cve/CVE-2017-8825