exFAT: Multiple vulnerabilities — GLSA 201612-31

Two vulnerabilities have been found in exFAT allowing remote attackers to execute arbitrary code or cause Denial of Service.

Affected Packages

sys-fs/exfat-utils on all architectures
Affected versions < 1.2.1
Unaffected versions >= 1.2.1

Background

A full-featured exFAT file system implementation for Unix-like systems.

Description

Two vulnerabilities were found in exFAT. A malformed input can cause a write heap overflow or cause an endless loop.

Impact

Remote attackers could execute arbitrary code or cause Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All exFAT users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=sys-fs/exfat-utils-1.2.1"
 

References

Release Date
December 12, 2016

Latest Revision
December 12, 2016: 1

Severity
normal

Exploitable
remote

Bugzilla entries