CVE-2019-15759

Priority
Description
An issue was discovered in Binaryen 1.38.32. Two visitors in
ir/ExpressionManipulator.cpp can lead to a NULL pointer dereference in
wasm::LocalSet::finalize in wasm/wasm.cpp. A crafted input can cause
segmentation faults, leading to denial-of-service, as demonstrated by
wasm2js.
Notes
Package
Upstream:released (89-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):DNE
Ubuntu 19.04 (Disco Dingo):needs-triage
Ubuntu 19.10 (Eoan):not-affected (89-1)
More Information

Updated: 2019-10-18 02:45:52 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)