oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

CVE request: libxmp MASI Parsing Buffer Overflow Vulnerability

From: Agostino Sarubbo <ago () gentoo org>
Date: Mon, 22 Apr 2013 13:01:17 +0200
From the secunia advisory SA53114[1]:


Description
A vulnerability has been reported in libxmp, which can be exploited by 
malicious people to compromise an application using the library.

The vulnerability is caused due to a boundary error in the "get_dsmp"() 
function (src/loaders/masi_load.c) when parsing MASI files, which can be 
exploited to cause a buffer overflow.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is reported in versions prior to 4.1.0.


Solution
Update to version 4.1.0.

Provided and/or discovered by
The vendor credits Douglas Carmichael.

Original Advisory
http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view

Commit:
http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40/


[1]: https://secunia.com/advisories/53114/
-- 
Agostino Sarubbo
Gentoo Linux Developer
Previous By Date Next
Previous By Thread Next

Current thread: