oss-sec mailing list archives

Re: CVE id request for links2


From: Nico Golde <oss-security+ml () ngolde de>
Date: Thu, 12 Apr 2012 02:10:03 +0200

Hi,
* Kurt Seifried <kseifried () redhat com> [2012-04-10 21:56]:
On 04/09/2012 08:43 PM, Nico Golde wrote:
[...] 
I discovered some out of memory accesses in links2 graphics mode
that could be potentially used to run exploits. I fixed them in
links-2.6. For Debian Squeeze, I am sending this patch that
backports the fixes to links-2.3pre1. Apply the patch and
distribute patched packages links and links2 through 
security.debian.org.


[...] This patch fixes:

Buffer overflow when pasting too long text from clipboard to dialog
boxes (not remotely exploitable)

Can this result in code execution?

I am not sure about this one.
For the out of memory write in dip.c, my guess is yes, it is basically possible to
write past an allocated buffer, even though I can't tell you what data would
reside in that area.
For the xbm decoder, the problem has basically been that xbm_decode() did not
indicate an error when decoding xbm images and thus the callers would continue
to operate on the parsed structures even though the image is faulty.

Cheers
Nico
-- 
Nico Golde - http://www.ngolde.de - nion () jabber ccc de - GPG: 0xA0A0AAAA
For security reasons, all text in this mail is double-rot13 encrypted.

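An added illustration of the error-propagation problem Nico describes for the xbm decoder: example code written for this page, not links2's own xbm_decode(). It is a minimal XBM header and bitmap parser that reports a status instead of silently leaving its output half-filled, so a caller can refuse to operate on a faulty image; the function and structure names are assumptions.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
/* Hypothetical header record; not links2's own xbm structure. */
struct xbm_hdr { int width, height; size_t row_bytes; };

/* Parse "#define name_width N" / "#define name_height N".
 * Returns 0 on success, -1 on malformed or absurd dimensions;
 * on -1 the caller must treat *hdr as unset. */
int xbm_parse_header(const char *text, struct xbm_hdr *hdr)
{
    const char *p; int w, h;
    p = strstr(text, "_width ");
    if (!p || sscanf(p, "_width %d", &w) != 1) return -1;
    p = strstr(text, "_height ");
    if (!p || sscanf(p, "_height %d", &h) != 1) return -1;
    /* bound the dimensions so row_bytes * height cannot overflow */
    if (w <= 0 || h <= 0 || w > 32767 || h > 32767) return -1;
    hdr->width = w; hdr->height = h;
    hdr->row_bytes = ((size_t)w + 7) / 8;
    return 0;
}
/* Decode the bits array into buf. Returns 0 on success, -1 when the
 * header is bad, buf is too small, or the array is shorter than
 * width*height promises (the "faulty image" case in the mail);
 * on -1 the caller never consumes a half-filled buffer. */
int xbm_decode(const char *text, struct xbm_hdr *hdr, unsigned char *buf, size_t buflen)
{
    const char *p; size_t need, n = 0;
    if (xbm_parse_header(text, hdr) != 0) return -1;
    need = hdr->row_bytes * (size_t)hdr->height;
    if (buflen < need) return -1;
    p = strstr(text, "_bits[]");
    if (!p || !(p = strchr(p, '{'))) return -1;
    for (p++; n < need; ) {
        char *end; long v;
        while (*p == ' ' || *p == '\n' || *p == '\t' || *p == ',') p++;
        if (*p == '}' || *p == '\0') return -1;   /* truncated array */
        v = strtol(p, &end, 0);
        if (end == p || v < 0 || v > 255) return -1;
        buf[n++] = (unsigned char)v; p = end;
    }
    return 0;
}
/* Constructed samples: a valid 8x2 image and a truncated one. */
static const char good_xbm[] = "#define t_width 8\n#define t_height 2\n"
    "static unsigned char t_bits[] = { 0xff, 0x81 };\n";
static const char short_xbm[] = "#define t_width 8\n#define t_height 2\n"
    "static unsigned char t_bits[] = { 0xff };\n";
```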