Control: tags 1101470 confirmed pending
Paul Brook wrote...
Buffer overrun leading to a crash when parsing ELF files with a large PT_INTERP segment.
Thanks for the report. Upstream seems to have fixed that after the 5.46 release, but in a different way:
https://github.com/file/file/commit/FILE5_46-7-gb3384a1f
This resolves the issue, at least for the reproducer you've provided. If
you think this is not sufficient, please let me know soon.
Upload of a fixed version to unstable will follow soon.
FTR, this was introduced in upstream commit <FILE5_45-251-g87ed2d47>¹, therefore neither Debian 13 ("trixie") nor any older release is affected.
Christoph
¹ https://github.com/file/file/commit/FILE5_45-251-g87ed2d47