[Midnightbsd-cvs] [MidnightBSD/src] 4a9725: iconv: Fix buffer overflows in HZ, UTF-7, VIQR, ZW...

Lucas Holt noreply at github.com
Tue Jun 30 21:11:36 EDT 2026


  Branch: refs/heads/stable/4.1
  Home:   https://github.com/MidnightBSD/src
  Commit: 4a97253c5ced0e281f6293b71105e0292570be06
      https://github.com/MidnightBSD/src/commit/4a97253c5ced0e281f6293b71105e0292570be06
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-06-30 (Tue, 30 Jun 2026)

  Changed paths:
    M lib/libiconv_modules/HZ/citrus_hz.c
    M lib/libiconv_modules/ISO2022/citrus_iso2022.c
    M lib/libiconv_modules/UTF7/citrus_utf7.c
    M lib/libiconv_modules/VIQR/citrus_viqr.c
    M lib/libiconv_modules/ZW/citrus_zw.c

  Log Message:
  -----------
  iconv: Fix buffer overflows in HZ, UTF-7, VIQR, ZW and ISO-2022 modules

Several citrus iconv(3) encoding modules (HZ, UTF-7, VIQR, ZW) did not
check the size of the caller-supplied output buffer before writing
converted characters [CVE-2026-58081].  The ISO-2022 module used a
stack buffer sized to MB_LEN_MAX (6 bytes) for intermediate output, but
some ISO-2022 variants require up to 10 bytes per character, allowing a
stack buffer overflow of up to four bytes [CVE-2026-58082].

An application using iconv(3) to convert untrusted input to or from one
of the affected encodings could be vulnerable to buffer overflows.

Ported from the FreeBSD fix for SA-26:49.iconv (FreeBSD commit
d62d0b6586a8), which is derived from NetBSD's citrus changes by
Nick Wellnhofer and Mark Johnston.

Security:	FreeBSD-SA-26:49.iconv
Security:	CVE-2026-58081
Security:	CVE-2026-58082
Obtained from:	FreeBSD

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply at anthropic.com>


  Commit: 8415134c9b61f45f8e02615ce0d0f49426634c1b
      https://github.com/MidnightBSD/src/commit/8415134c9b61f45f8e02615ce0d0f49426634c1b
  Author: Lucas Holt <luke at foolishgames.com>
  Date:   2026-06-30 (Tue, 30 Jun 2026)

  Changed paths:
    M UPDATING

  Log Message:
  -----------
  UPDATING: Note SA-26:49.iconv fix

Security:	FreeBSD-SA-26:49.iconv
Security:	CVE-2026-58081
Security:	CVE-2026-58082

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply at anthropic.com>


Compare: https://github.com/MidnightBSD/src/compare/6654c0914a72...8415134c9b61

To unsubscribe from these emails, change your notification settings at https://github.com/MidnightBSD/src/settings/notifications


More information about the Midnightbsd-cvs mailing list