There's a possible overflow in handle_image() when shim tries to load and execute crafted EFI executables
The handle_image() function takes into account the SizeOfRawData field from each section to be loaded. An attacker can leverage this to perform out-of-bounds writes into memory. Arbitrary code execution cannot be ruled out in such a scenario.
Affected products
- <15.6
Matching in nixpkgs
pkgs.yoshimi
High quality software synthesizer based on ZynAddSubFX
- nixos-unstable -
- nixpkgs-unstable 2.3.4.1
pkgs.epoll-shim
Small epoll implementation using kqueue
- nixos-unstable -
- nixpkgs-unstable 0.0.20240608
pkgs.libudev0-shim
Shim to preserve libudev.so.0 compatibility
- nixos-unstable -
- nixpkgs-unstable 1
pkgs.plex-mpv-shim
Allows casting of videos to MPV via the Plex mobile and web app
- nixos-unstable -
- nixpkgs-unstable 1.11.0
pkgs.shim-unsigned
UEFI shim loader
- nixos-unstable -
- nixpkgs-unstable 16.1
pkgs.doas-sudo-shim
Shim for the sudo command that utilizes doas
- nixos-unstable -
- nixpkgs-unstable 0.1.2
pkgs.rshim-user-space
User-space rshim driver for the BlueField SoC
- nixos-unstable -
- nixpkgs-unstable 2.4.4
pkgs.jellyfin-mpv-shim
Allows casting of videos to MPV via the jellyfin mobile and web app
- nixos-unstable -
- nixpkgs-unstable 2.9.0
pkgs.mpv-shim-default-shaders
Preconfigured set of MPV shaders and configurations for MPV Shim media clients
- nixos-unstable -
- nixpkgs-unstable 2.1.0
pkgs.python312Packages.shimmy
API conversion tool for popular external reinforcement learning environments
- nixos-unstable -
- nixpkgs-unstable 2.0.0
pkgs.pantheon.elementary-print-shim
Simple shim for printing support via Contractor
- nixos-unstable -
- nixpkgs-unstable 0.1.3
pkgs.python312Packages.notebook-shim
Switch frontends to Jupyter Server
- nixos-unstable -
- nixpkgs-unstable 0.2.4
pkgs.python313Packages.notebook-shim
Switch frontends to Jupyter Server
- nixos-unstable -
- nixpkgs-unstable 0.2.4
pkgs.python312Packages.pytz-deprecation-shim
Shims to make deprecation of pytz easier
- nixos-unstable -
- nixpkgs-unstable 0.1.0.post0
pkgs.python313Packages.pytz-deprecation-shim
Shims to make deprecation of pytz easier
- nixos-unstable -
- nixpkgs-unstable 0.1.0.post0
Package maintainers
- @dani0854 Danil Suetin <suetin085+nixpkgs@protonmail.com>
- @wegank Weijia Wang <contact@weijia.wang>
- @jojosch Johannes Schleifenbaum <johannes@js-webcoding.de>
- @devusb Morgan Helton <mhelton@devusb.us>
- @davidak David Kleuker <post@davidak.de>
- @bobby285271 Bobby Rong <rjl931189261@126.com>
- @dotlambda Robert Schütz <rschuetz17@gmail.com>
- @GaetanLepage Gaetan Lepage <gaetan@glepage.com>
- @thillux Markus Theil <theil.markus@gmail.com>
- @baloo Arthur Gautier <nixpkgs@superbaloo.net>
- @RaitoBezarius Ryan Lahfa <ryan@lahfa.xyz>