oss-sec mailing list archives
Re: CVE id request for links2
From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 12 Apr 2012 02:10:03 +0200
Hi,
* Kurt Seifried <kseifried () redhat com> [2012-04-10 21:56]:
On 04/09/2012 08:43 PM, Nico Golde wrote:
[...]
I discovered some out of memory accesses in links2 graphics mode that could be potentially used to run exploits. I fixed them in links-2.6. For Debian Squeeze, I am sending this patch that backports the fixes to links-2.3pre1. Apply the patch and distribute patched packages links and links2 through security.debian.org.

[...]

This patch fixes:
Buffer overflow when pasting too long text from clipboard to dialog boxes (not remotely exploitable)

Can this result in code execution?

I am not sure about this one. For out of memory write in dip.c, my guess is yes, it is basically possible to write past an allocated buffer. Even though I can't tell you what data would reside in that area.

For the xbm decoder, the problem has basically been that xbm_decode() did not indicate an error when decoding xbm images and thus the callers would continue to operate on the parsed structures even though the image is faulty.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.
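
The failure mode described for the xbm decoder, shown as an added example that is not part of the original mail and is not the links2 code: a decoder that returns a status, and a caller that checks it before using the parsed structure. All names, the 4096 dimension limit and the sample inputs are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical names and limit; this is not the links2 source. */
enum xbm_status { XBM_OK, XBM_BAD_HEADER, XBM_BAD_SIZE };
struct xbm_info { unsigned width, height; size_t bytes; };
#define XBM_MAX_DIM 4096u
/* Constructed sample inputs (header lines only). */
const char GOOD_XBM[] = "#define img_width 16\n#define img_height 4\n";
const char BAD_XBM[]  = "#define img_width 16\n";  /* height missing */

/* Read the decimal value that follows key, e.g. "_width ". */
static enum xbm_status xbm_field(const char *src, const char *key, unsigned *out)
{
    const char *p = strstr(src, key);
    char *end;
    unsigned long v;
    if (!p) return XBM_BAD_HEADER;
    p += strlen(key);
    v = strtoul(p, &end, 10);
    if (end == p) return XBM_BAD_HEADER;             /* no digits */
    if (v == 0 || v > XBM_MAX_DIM) return XBM_BAD_SIZE;
    *out = (unsigned)v;
    return XBM_OK;
}

/* The decoder reports failure and leaves *info untouched on error. */
enum xbm_status xbm_parse_header(const char *src, struct xbm_info *info)
{
    struct xbm_info tmp;
    enum xbm_status st;
    if ((st = xbm_field(src, "_width ", &tmp.width)) != XBM_OK) return st;
    if ((st = xbm_field(src, "_height ", &tmp.height)) != XBM_OK) return st;
    tmp.bytes = (size_t)((tmp.width + 7) / 8) * tmp.height;
    *info = tmp;                       /* commit only after all checks */
    return XBM_OK;
}

/* The caller checks the status before using the parsed structure. */
size_t xbm_alloc_size(const char *src)
{
    struct xbm_info info;
    return xbm_parse_header(src, &info) == XBM_OK ? info.bytes : 0;
}
int main(void)
{
    printf("%zu %zu\n", xbm_alloc_size(GOOD_XBM), xbm_alloc_size(BAD_XBM));
    return 0;
}
```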