oss-sec mailing list archives
[vim-security] buffer-overlow in xxd with colored output < v9.1.0404
From: Christian Brabandt <cb () 256bit org>
Date: Fri, 10 May 2024 14:47:13 +0200
buffer overflow when outputting colored output in xxd ===================================================== Date: 10.05.2024 Severity: Low When outputting colored hexdumps using the -R command line flag, together with -g1 (group every byte), -c 256 (format 256 octets per line), -d (show offsets in decimal) and -o <large_numer> (add offset to the file position), the buffer used to write to may overflow. Impact is low since the user must intentionally execute xxd with several non-default flags, but it may cause a crash of xxd. The Vim project would like to thank github user Lennard Hofmann for reporting and fixing this issue in Vim patch 9.1.0404. URLs: https://github.com/vim/vim/commit/67797191e039196128c69 Thanks, Chris -- Ein Torheit, über die viele Satiren gemacht worden und bei der jede neue Satire verliert, ist in der Wirklichkeit desto komischer. -- Jean Paul
Current thread:
- [vim-security] buffer-overlow in xxd with colored output < v9.1.0404 Christian Brabandt (May 10)