FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

bchunk -- heap-based buffer overflow (with invalid free) and crash

Affected packages
1.2.0 <= bchunk <= 1.2.1

Details

VuXML ID 8ba2819c-0e9d-11e8-83e7-485b3931c969
Discovery 2017-10-28
Entry 2018-02-13

Mitre reports:

bchunk 1.2.0 and 1.2.1 is vulnerable to a heap-based buffer overflow (with a resultant invalid free) and crash when processing a malformed CUE (.cue) file.

References

CVE Name CVE-2017-15954
URL https://nvd.nist.gov/vuln/detail/CVE-2017-15954