The fix date: 2015-12-08

Cumulative fix of potentially critical bugs found in IDA

Please specify the path to your ida.key file to receive fixes for your copy of IDA.

  1. Vulnerability in the WinDbg debugger module, reported by --undisclosed-- on 2011-04-10 at 01:58. A specially crafted idb file could lead to launching debugger on any file. This affects early copies of 6.1 running on MS Windows.
  2. Potential vulnerability in qrealloc() and qrealloc_or_throw(), reported by Masaaki Chida on 2011-04-20 at 17:58. We provide a fix for v6.1.
  3. Vulnerability in idapython, reported by Greg MacManus on 2012-03-19 at 19:50. IDA could load some scripts with predetermined names from the directory with the input file. We provide fixes for both 6.1 and 6.2.
  4. Vulnerability in the btree database engine triggered by a specially malformed database. We do not have POC code and it is not very likely that the vulnerability is exploitable, but we publish this fix anyway. The vulnerability was reported by Corey Kallenberg on 2012-04-09 at 18:44. We provide fixes for all versions >= 6.1 (we updated this fix on 2013-05-29; the previous version erroneously complained about some databases).
  5. Vulnerability in the .net processor module triggered by a specially crafted database. The vulnerability was reported by Masaaki Chida on 2013-07-07 at 01:33. We provide fixes for v6.3 and v6.4.
  6. Vulnerability in the windbg plugin triggered by a specially crafted database. The vulnerability was reported by Masaaki Chida on 2013-07-15 at 19:14. We provide a fix for v6.4
  7. Vulnerability in the hint calculation triggered by a specially crafted database. The vulnerability was reported by Masaaki Chida on 2013-07-21 at 11:13. We provide a fix for v6.4
  8. Vulnerability in the mach-o loader triggered by a specially crafted input file. The vulnerability was reported by George Hotz on 2014-01-05 at 01:07. We provide a fix for IDA version v6.4. IDA v6.5 build 140115 includes the fix, so there is no need for a separate fix for it.
  9. Vulnerability in the kernel triggered by a specially malformed database. The TIL part of the malformed database could be used to trigger the vulnerability. The vulnerability was reported by Tadashi Kobayashi on 2014-06-09 at 17:52. We provide a fix for v6.5 and v6.6.
  10. qrealloc() could successfully allocate 0xDEADBEEF bytes on Linux64. This size was used to force a std::bad_alloc exception, so a successful allocation was not what other parts of IDA were expecting. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.
  11. COFF: maliciously truncated symbol table could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.
  12. EPOC: a specially crafted input file could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.
  13. DEX: a specially crafted input file could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.
  14. PEF: a specially crafted input file could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2014-09-06 at 12:54. We provide a fix for v6.5 and v6.6.
  15. EPOC, ELF, PE: a specially crafted input file could lead to a memory corruption. These bugs were reported by Robert Święcki on 2014-11-19 at 23:34.
  16. A double free() call in the kernel could be triggered with a specially crafted input file. The bug was reported by Mateusz Jurczyk on 2014-11-26 at 12:07.
  17. A double free() call in the .net loader could be triggered with a specially crafted input file. The bug was reported by Mateusz Jurczyk on 2014-11-26 at 12:07.
  18. DEX: a classical stack buffer overflow could occur when loading a specially crafted input file. The bug was reported by Mateusz Jurczyk on 2014-11-26 at 12:07.
  19. PE: a specially crafted input file could lead to a memory corruption. The bug was reported by Robert Święcki on 2014-12-03 at 01:59.
  20. GDB: a malicious gdbserver could cause a heap buffer overflow. The bug was reported by George Nosenko on 2014-12-19 at 20:15.
  21. Heap corruption bug in the COFF loader. The bug was reported by Mateusz Jurczyk on 2015-01-08 at 20:48.
  22. Format string vulnerability in the COFF loader. The bug was reported by Mateusz Jurczyk on 2015-01-08 at 20:48.
  23. 4 bugs in the RPC protocol between IDA and debugger servers. The bugs were reported by Mateusz Jurczyk on 2015-01-14 at 12:08.
  24. 3 bugs causing memory corruptions when handling a broken B-tree. The bugs were reported by Mateusz Jurczyk on 2015-01-27 at 21:08.
  25. Incorrect number of function entries in the database could lead to a memory corruption. The bug was reported by Mateusz Jurczyk on 2015-01-27 at 21:08.
  26. Array bounds overflow when generating a disassembly line, caused by a corrupted database. The bug was reported by Mateusz Jurczyk on 2015-01-27 at 21:08.
  27. ARM: array bounds overflow in the case of an incorrect IT block descriptor in the database. The bug was reported by Mateusz Jurczyk on 2015-01-27 at 21:08.
  28. PE: a specially crafted input file could lead to a heap corruption. We provide a fix for v6.8. The bug was reported by Mateusz Jurczyk on 2015-11-17 at 14:36.
  29. PE: a specially crafted input file could lead to a static buffer overflow. We provide a fix for v6.8. The bug was reported by Mateusz Jurczyk on 2015-11-17 at 14:36.
  30. The archive includes fixes for other bugs (not necessarily security bugs) discovered and fixed so far.
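Item 10 above describes a failure mode worth seeing in code: a "poison" allocation size used to provoke an allocator failure is not a reliable error signal on a 64-bit host, because the request can simply succeed. The following is an added illustration written for this page, not IDA's own qrealloc() source; it assumes, for the sake of the example, that the sentinel was substituted on a size overflow, and it routes allocation through a hook so the test can observe the request without actually allocating 0xDEADBEEF bytes.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Sentinel size from the advisory; the trigger condition below is assumed. */
#define BAD_SIZE_SENTINEL ((size_t)0xDEADBEEF)

/* Allocator hook: real realloc by default, replaceable by a recording fake. */
static void *(*alloc_hook)(void *ptr, size_t size) = realloc;
static size_t last_requested = 0;   /* size seen by the fake allocator */

static void *recording_alloc(void *ptr, size_t size) {
    static char fake_block[64];     /* stands in for memory the OS handed out */
    (void)ptr;
    last_requested = size;
    return fake_block;              /* "succeeds", as ~3.7 GB can on Linux64 */
}

void use_recording_allocator(void) { alloc_hook = recording_alloc; }
void reset_allocator_log(void) { last_requested = 0; }
size_t last_requested_size(void) { return last_requested; }

/* Multiply with overflow check: reports overflow instead of wrapping. */
bool checked_mul(size_t nelem, size_t elsize, size_t *out) {
    if (elsize != 0 && nelem > SIZE_MAX / elsize) return false;
    *out = nelem * elsize;
    return true;
}

/* BEFORE: on overflow, asks the allocator for a huge poison size and relies on
   that request failing. With 64-bit address space and overcommit it can
   succeed, and the caller now holds a block that is not nelem*elsize bytes. */
void *qrealloc_before(void *ptr, size_t nelem, size_t elsize) {
    size_t bytes;
    if (!checked_mul(nelem, elsize, &bytes)) bytes = BAD_SIZE_SENTINEL;
    return alloc_hook(ptr, bytes);
}

/* AFTER: the overflow is reported directly and the allocator is never asked
   for a size the caller did not compute. */
void *qrealloc_after(void *ptr, size_t nelem, size_t elsize) {
    size_t bytes;
    if (!checked_mul(nelem, elsize, &bytes)) return NULL;
    return alloc_hook(ptr, bytes);
}
```

The same point applies to any "impossible" size used as an error marker: failure must be signalled out of band (return value, exception, abort), not inferred from what the allocator happens to do.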