Picasm is affected by a remote buffer overflow vulnerability. An attacker can exploit this issue by supplying an excessive 'error' directive. If successfully exploited, this issue can allow a remote attacker to gain access to the affected computer in the context of the user running the application. Picasm 1.12b and prior versions are vulnerable to this issue.
dragonheart, please bump to 1.12c http://www.co.jyu.fi/~trossi/pic/
added and stable.
Thanks dragonheart. Security members, time to vote if we should issue a GLSA (because this vulnerability is similar to the nasm one)
I would class it in the same vein as NASM : the exploit profile looks a little too unlikely to me, and exploit is in a readable source file. So I tend to vote NO the same. The only thing bothering me is that every other distribution issued advisories on NASM and we'll probably have to deal with questions about it soon.
Voting a full NO, this seems tricky to exploit.
Then we are done.
