Security vulnerabilities and automated fixes for decompression issues
2 posts found
A high-severity buffer overflow vulnerability was discovered in `user/libprtos/common/lzss.c`, where the LZSS decompression routine failed to validate offset and length values decoded from compressed input before using them as indices into the `text_buf` ring buffer. An attacker supplying crafted compressed data could trigger out-of-bounds reads or writes, potentially leading to memory corruption, information disclosure, or arbitrary code execution. The fix introduces strict bounds validation on
A critical heap buffer overflow vulnerability was discovered in the LZMA decompression library (`LzmaDec.c`), where attacker-controlled compressed input could manipulate copy lengths passed directly to `memcpy` without bounds validation. This class of vulnerability can allow attackers to overwrite adjacent heap memory, potentially leading to arbitrary code execution or process crashes. A targeted bounds check was added to validate the output size before the copy operation, closing the attack pat