| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 0001-widechar-off-by-one.patch | [PATCH] utils: Fix off-by-one error in pe_utils_str_widechar2ascii. | Jardel Weyrich <jweyrich@gmail.com> | no | debian | https://github.com/merces/libpe/commit/5737a97c57be175333fc0c6f51bb2cdd7101c17e | 2021-01-18 |
| 0002-fix-bo-pe_exports.patch | fix a buffer overflow vulnerability (CVE-2021-45423) A Buffer Overflow vulnerability exists in Pev 0.81 via the pe_exports function from exports.c. The array offsets_to_Names is dynamically allocated on the stack using exp->NumberOfFunctions as its size. However, the loop uses exp->NumberOfNames to iterate over it and set its components value. Therefore, the loop code assumes that exp->NumberOfFunctions is greater than ordinal at each iteration. This can lead to arbitrary code execution. |
Saullo Carvalho Castelo Branco <saullocarvalho@gmail.com> | yes | debian upstream | upstream, https://github.com/merces/libpe/commit/5f44724e8fcdebf8a6b9fd009543c9dcfae4ea32 | 2023-04-22 |