CVE-2017-11367: Global buffer overflow (READ of size 4) in shoco C library
Vulnerability Details
The shoco_decompress function in the API in shoco through 2017-07-17 "allows remote attackers to cause a denial of service (buffer over-read and application crash) via malformed compressed data". The vendor has been unresponsive since this was reported in February of 2017.
```
==19039==ERROR: AddressSanitizer: global-buffer-overflow on address 0x0000004d0548 at pc 0x0000004bfdda bp 0x7ffd2945a650 sp 0x7ffd2945a648
READ of size 4 at 0x0000004d0548 thread T0
    #0 0x4bfdd9 in shoco_decompress (/root/shoco/shoco+0x4bfdd9)
    #1 0x4c017c in main (/root/shoco/shoco+0x4c017c)
    #2 0x7f542c310b44 in __libc_start_main /build/glibc-qK83Be/glibc-2.19/csu/libc-start.c:287
    #3 0x4bd56c in _start (/root/shoco/shoco+0x4bd56c)
0x0000004d0548 is located 24 bytes to the left of global variable 'chrs_by_chr_and_successor_id' defined in './shoco_model.h:58:21' (0x4d0560) of size 1328
0x0000004d0548 is located 8 bytes to the right of global variable 'chrs_by_chr_id' defined in './shoco_model.h:15:19' (0x4d0520) of size 32
SUMMARY: AddressSanitizer: global-buffer-overflow ??:0 shoco_decompress
```
Original bug report: https://github.com/Ed-von-Schleck/shoco/issues/28
CVE Advisory: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11367
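As an added illustration (not shoco's code), the pattern behind this report, an id taken from the compressed stream indexing a fixed model table, beside the bounds check that turns the over-read into a rejected input. The table contents, the toy one-byte-per-symbol stream and all function names are constructed here; only the table name and size come from the ASan report.

```c
#include <stdint.h>
#include <stdio.h>
#include <stddef.h>

/* Constructed 32-entry stand-in for the model table named in the ASan
 * report (chrs_by_chr_id, size 32). The real shoco tables live in
 * shoco_model.h and are not reproduced here. */
#define CHR_TABLE_SIZE 32u
static const char chrs_by_chr_id[CHR_TABLE_SIZE] =
    "etaoinshrdlucmfwypvbgkjqxz ,.-'\n";

/* Unchecked lookup, shown for contrast only: the id taken from the
 * compressed stream is used as an index with no range check, so any id
 * >= 32 reads past the table. An id of 40 would land 8 bytes to the right
 * of the table, the same position ASan reports above. */
static char lookup_unchecked(uint8_t id) {
    return chrs_by_chr_id[id];
}

/* Hardened decoder for a toy stream in which each byte is one symbol id.
 * Returns the number of bytes written to out, or -1 if the input is
 * malformed (id out of range) or the output buffer is too small. */
int decode_checked(const uint8_t *in, size_t in_len,
                   char *out, size_t out_len) {
    size_t o = 0;
    for (size_t i = 0; i < in_len; i++) {
        uint8_t id = in[i];
        if (id >= CHR_TABLE_SIZE)   /* validate before indexing the table */
            return -1;
        if (o >= out_len)           /* never overrun the caller's buffer */
            return -1;
        out[o++] = chrs_by_chr_id[id];
    }
    return (int)o;
}

static char g_out[64];   /* demo output buffer used by main */

int main(void) {
    const uint8_t good[] = {0, 1, 2};   /* valid ids -> "eta" */
    const uint8_t bad[]  = {0, 40};     /* 40 is past the 32-entry table */
    int n = decode_checked(good, sizeof good, g_out, sizeof g_out);
    printf("good: %d bytes, \"%.*s\"\n", n, n, g_out);
    printf("bad:  %d\n", decode_checked(bad, sizeof bad, g_out, sizeof g_out));
    printf("unchecked id 3: '%c'\n", lookup_unchecked(3));
    return 0;
}
```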
I understand this probably isn't worthy of a bounty, but the reputation points for a resolved report are always nice.
Report Stats
- Report ID: 250581
- State: Closed
- Substate: resolved
- Upvotes: 4