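A use-after-free flaw has been discovered in libcomps before version 0.1.10 in the way ObjMRTrees are merged. An attacker who is able to make an application read a crafted comps XML file may be able to crash the application or execute malicious code. The signatures below all reference the same libcomps commit and cover the `*_unite` merge functions in four source files (`comps_radix.c`, `comps_objradix.c`, `comps_mradix.c` and `comps_objmradix.c`), not only the ObjMRTree implementation, so check every one of them when verifying that a backport is complete.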
{ "vanir_signatures": [ { "source": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", "deprecated": false, "target": { "file": "libcomps/src/comps_radix.c", "function": "comps_rtree_unite" }, "signature_version": "v1", "digest": { "length": 1720.0, "function_hash": "221883842316877266225135665509008155299" }, "signature_type": "Function", "id": "CVE-2019-3817-09c12797" }, { "source": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", "deprecated": false, "target": { "file": "libcomps/src/comps_objmradix.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "253665598825233029093033739596960373873", "337445221573669159305150971171357881214", "165686396496938068983173430501596014117", "131845258616473942916386536453394588445", "86869103249019105588737519873273828133", "253655779738947529595166061923216200999", "325780392788154685801315612498824002784", "80128346591984801325755628513139326636" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2019-3817-6262e170" }, { "source": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", "deprecated": false, "target": { "file": "libcomps/src/comps_objmradix.c", "function": "comps_objmrtree_unite" }, "signature_version": "v1", "digest": { "length": 1967.0, "function_hash": "339101478074468591327783017204771854819" }, "signature_type": "Function", "id": "CVE-2019-3817-65f8301d" }, { "source": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", "deprecated": false, "target": { "file": "libcomps/src/comps_radix.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "253665598825233029093033739596960373873", "337445221573669159305150971171357881214", "165686396496938068983173430501596014117", "131845258616473942916386536453394588445" ], "threshold": 0.9 }, "signature_type": "Line", "id": 
"CVE-2019-3817-68352ec9" }, { "source": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", "deprecated": false, "target": { "file": "libcomps/src/comps_objradix.c", "function": "comps_objrtree_unite" }, "signature_version": "v1", "digest": { "length": 1699.0, "function_hash": "307666424191030074401432142163007664969" }, "signature_type": "Function", "id": "CVE-2019-3817-739582da" }, { "source": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", "deprecated": false, "target": { "file": "libcomps/src/comps_mradix.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "253665598825233029093033739596960373873", "337445221573669159305150971171357881214", "165686396496938068983173430501596014117", "131845258616473942916386536453394588445", "86869103249019105588737519873273828133", "253655779738947529595166061923216200999", "325780392788154685801315612498824002784", "272198591804369979339929438277714930493" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2019-3817-8cc697f9" }, { "source": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", "deprecated": false, "target": { "file": "libcomps/src/comps_mradix.c", "function": "comps_mrtree_unite" }, "signature_version": "v1", "digest": { "length": 1956.0, "function_hash": "48544156199186513404856293592824836570" }, "signature_type": "Function", "id": "CVE-2019-3817-ce03e02e" }, { "source": "https://github.com/rpm-software-management/libcomps/commit/e3a5d056633677959ad924a51758876d415e7046", "deprecated": false, "target": { "file": "libcomps/src/comps_objradix.c" }, "signature_version": "v1", "digest": { "line_hashes": [ "253665598825233029093033739596960373873", "337445221573669159305150971171357881214", "165686396496938068983173430501596014117", "131845258616473942916386536453394588445", "190462805541812933931988042811062554250", 
"338901244845187452905579488875482000055", "316369999271288864678030682587520042431" ], "threshold": 0.9 }, "signature_type": "Line", "id": "CVE-2019-3817-d4c713da" } ] }