{"id":"MGASA-2016-0184","summary":"Updated dosfstools packages fix security vulnerabilities","details":"Updated dosfstools package fixes security vulnerabilities:\n\nIn dosfstools before 4.0, if the third to last entry was written on a FAT12\nfilesystem with an odd number of clusters, the second to last entry would be\ncorrupted. This corruption may also lead to invalid memory accesses when the\ncorrupted entry becomes out of bounds and is used later (CVE-2015-8872).\n\nIn dosfstools before 4.0, the variable used for storing the FAT size (in bytes)\nwas an unsigned int. Since the size in sectors read from the BPB was not\nsufficiently checked, this could end up being zero after multiplying it with\nthe sector size while some offsets still stayed excessive. Ultimately it would\ncause segfaults when accessing FAT entries for which no memory was allocated\n(CVE-2016-4804).\n","modified":"2026-02-04T03:45:49.968289Z","published":"2016-05-18T20:14:22Z","related":["CVE-2015-8872","CVE-2016-4804"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0184.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=18462"},{"type":"REPORT","url":"http://openwall.com/lists/oss-security/2016/05/14/1"}],"affected":[{"package":{"name":"dosfstools","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/dosfstools?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0.27-1.1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0184.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}