I'm not sure if and how this may affect TC, but I'm reporting it, just in case...
http://it.slashdot.org/it/08/03/18/1724245.shtml
http://www.f-secure.com/weblog/archives/00001404.html
https://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
Vulnerabilities in programs that process archive files
- Wanderer -
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
Normally using latest TC on:
x32: WinXPx32 SP3 (very rarely nowadays).
x64: Clients/Servers - Win10/Win11 and Win2K16 to Win2K22, mainly Win10 though.
- ghisler(Author)
- Site Admin
- Posts: 50840
- Joined: 2003-02-04, 09:46 UTC
- Location: Switzerland
I have seen this too (on Heise.de). So far I have tested the ZIP and TAR unpackers, and will test the others too. There is no problem with the unpack functions themselves. The ZIP64 header read function sometimes reads beyond the allocated header buffer and causes an access violation, but this isn't a security problem. I will fix that in TC 7.5. The ppmd packer can get into an infinite loop when it reaches the end of the file, but it can be aborted with the Abort button. This isn't a security hole either, so it will be fixed in TC 7.5 too. The TAR packer has no problems at all with the tested files.
Author of Total Commander
https://www.ghisler.com
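The reply above mentions a ZIP64 header read that runs past its buffer. As an added illustration (not Total Commander's code, and not part of the original thread; the thread does not describe the actual defect), here is a bounds-checked walk over a ZIP extra-field area that reads the ZIP64 extended information record (header ID 0x0001 in the PKWARE APPNOTE). The names `zip64_info` and `parse_zip64_extra` and the sample bytes are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ZIP64_EXTRA_ID 0x0001u  /* ZIP64 extended information extra field */

typedef struct {
    uint64_t uncompressed_size, compressed_size;
    int fields;                 /* how many 8-byte size fields were present */
} zip64_info;

/* Little-endian readers; the caller has already checked the range. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint64_t rd64(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Walk an extra-field area of len bytes. Returns 0 if a ZIP64 record was read,
 * -1 if none is present, -2 if a length field points past the buffer.
 * Simplification: sizes are taken in spec order, as many as the record holds. */
int parse_zip64_extra(const uint8_t *buf, size_t len, zip64_info *out)
{
    size_t pos = 0;                       /* invariant: pos <= len */
    memset(out, 0, sizeof *out);
    while (len - pos >= 4) {              /* room for ID + size */
        uint16_t id = rd16(buf + pos), sz = rd16(buf + pos + 2);
        pos += 4;
        if (sz > len - pos) return -2;    /* declared size overruns buffer */
        if (id == ZIP64_EXTRA_ID) {
            if (sz >= 8)  { out->uncompressed_size = rd64(buf + pos); out->fields = 1; }
            if (sz >= 16) { out->compressed_size = rd64(buf + pos + 8); out->fields = 2; }
            return 0;
        }
        pos += sz;                        /* skip unrelated record */
    }
    return pos == len ? -1 : -2;          /* leftover bytes = truncated header */
}

int main(void)
{
    /* Constructed sample: ZIP64 record that claims 16 bytes but carries 4. */
    const uint8_t bad[] = {0x01, 0x00, 0x10, 0x00, 1, 2, 3, 4};
    zip64_info info;
    printf("truncated record -> %d\n", parse_zip64_extra(bad, sizeof bad, &info));
    return 0;
}
```

Every length taken from the file is compared against the bytes remaining (`len - pos`) before it is used, so a malformed record yields an error code instead of a read outside the allocation.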