oss-sec mailing list archives

[vim-security] buffer-overlow in xxd with colored output < v9.1.0404

From: Christian Brabandt <cb () 256bit org>
Date: Fri, 10 May 2024 14:47:13 +0200

buffer overflow when outputting colored output in xxd
=====================================================
Date: 10.05.2024
Severity: Low

When outputting colored hexdumps using the -R command line flag, 
together with -g1 (group every byte), -c 256 (format 256 octets per 
line), -d (show offsets in decimal) and -o <large_numer> (add offset to 
the file position), the buffer used to write to may overflow.

Impact is low since the user must intentionally execute xxd with several 
non-default flags, but it may cause a crash of xxd.

The Vim project would like to thank github user Lennard Hofmann for 
reporting and fixing this issue in Vim patch 9.1.0404.

URLs: https://github.com/vim/vim/commit/67797191e039196128c69

Thanks,
Chris
-- 
Ein Torheit, über die viele Satiren gemacht worden und bei der jede
neue Satire verliert, ist in der Wirklichkeit desto komischer.
                -- Jean Paul

Current thread:

[vim-security] buffer-overlow in xxd with colored output < v9.1.0404 Christian Brabandt (May 10)