FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

brotli -- buffer overflow

Affected packages
0.3.0 <= brotli < 0.3.0_1
brotli < 0.2.0_2
libbrotli < 0.3.0_3
chromium < 48.0.2564.109
chromium-npapi < 48.0.2564.109
chromium-pulse < 48.0.2564.109
firefox < 45.0,1
linux-firefox < 45.0,1
linux-seamonkey < 2.42
seamonkey < 2.42
firefox-esr < 38.7.0,1
libxul < 38.7.0
linux-thunderbird < 38.7.0
thunderbird < 38.7.0

Details

VuXML ID: 1bcfd963-e483-41b8-ab8e-bad5c3ce49c9
Discovery: 2016-02-08
Entry: 2016-03-08
Modified: 2016-03-08

Google Chrome Releases reports:

[583607] High CVE-2016-1624: Buffer overflow in Brotli. Credit to lukezli.

Mozilla Foundation reports:

Security researcher Luke Li reported a pointer underflow bug in the Brotli library's decompression that leads to a buffer overflow. This results in a potentially exploitable crash when triggered.

References

CVE Name: CVE-2016-1624
CVE Name: CVE-2016-1968
URL: https://chromium.googlesource.com/chromium/src/+/7716418a27d561ee295a99f11fd3865580748de2%5E!/
URL: https://github.com/google/brotli/commit/37a320dd81db8d546cd24a45b4c61d87b45dcade
URL: https://hg.mozilla.org/releases/mozilla-release/rev/4a5d8ade4e3e
URL: https://www.mozilla.org/security/advisories/mfsa2016-30/