Bug 131191

Summary: media-sound/abcm2ps: buffer overflow (CVE-2006-1513)
Product: Gentoo Security
Reporter: Raphael Marichez (Falco) (RETIRED) <falco>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED INVALID
Severity: normal
CC: sound, tcort
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://www.debian.org/security/2006/dsa-1041
Whiteboard: B2 [ebuild+]
Package list:
Runtime testing required: ---

Comment 1 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-25 00:38:43 UTC
Erik Sjölund discovered that abc2ps, a translator for ABC music
description files into PostScript, does not check the boundaries when
reading in ABC music files resulting in buffer overflows.

http://www.debian.org/security/2006/dsa-1041


I apologize if this is a dup of a confidential bug.
Comment 2 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-04-25 00:41:33 UTC
The patch may be available from debian sources. Don't have the time to check this atm.
Comment 3 Thierry Carrez (RETIRED) gentoo-dev 2006-05-09 10:23:26 UTC
sound team please advise
Comment 4 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-05-09 10:35:49 UTC
Can I cry, as debian patches are always a pita? :|

I'll see what I can do in a sec...
Comment 5 Diego Elio Pettenò (RETIRED) gentoo-dev 2006-05-09 10:38:01 UTC
Uh wait... is that the same package? Because the URL refers to "abc2ps", while this bug refers to "abcm2ps", and the version numbers are completely different...
We don't even have an abc2ps in portage.
Comment 6 Thomas Cort (RETIRED) gentoo-dev 2006-05-09 10:46:44 UTC
(In reply to comment #2)
> sound team please advise

media-sound/abcm2ps-3.7.21 is based on abc2ps version 1.2.5. The debian patch fixes the unbounded sscanf() calls in abc2ps.c in abc2ps-1.3.3, but abcm2ps-3.7.21 (the one we have in portage) still has unbounded sscanf() calls, so it is vulnerable. As far as I can tell there is no patch for it yet, I'll work on one today.
Comment 7 Thomas Cort (RETIRED) gentoo-dev 2006-05-09 11:00:41 UTC
(In reply to comment #5)
> it is vulnerable.

Actually it isn't. I was looking at the wrong source code, sorry. Upon further inspection I found that abcm2ps only calls sscanf to read strings once and they are both bounded. Sorry for the confusion.
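
Comments 6 and 7 turn on whether each sscanf() string conversion carries a field width. The following is an added example, not part of the original thread and not code from abc2ps, abcm2ps or the Debian patch; `FIELD_MAX`, `read_field` and the sample lines are made up for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define FIELD_MAX 15               /* hypothetical capacity, excluding the NUL */
#define STR_(x) #x
#define STR(x) STR_(x)             /* turns FIELD_MAX into the literal "15" */

/* Unbounded form, shown for contrast only and never executed here:
 *     char field[FIELD_MAX + 1];
 *     sscanf(line, "%s", field);  // stores the whole token, whatever its length
 */

/* Bounded form. Returns 0 on success, -1 if the line holds no token,
 * -2 if the token does not fit (the buffer is then left empty). */
int read_field(const char *line, char out[FIELD_MAX + 1])
{
    int consumed = 0;

    out[0] = '\0';
    /* The width caps the bytes stored; sscanf appends the NUL itself,
     * which is why the buffer is FIELD_MAX + 1 bytes. */
    if (sscanf(line, "%" STR(FIELD_MAX) "s%n", out, &consumed) != 1)
        return -1;
    /* %s stops at whitespace, end of string, or the width. Anything else
     * following the match means the width cut a longer token short. */
    if (line[consumed] != '\0' && !isspace((unsigned char)line[consumed])) {
        out[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample lines, not taken from any real ABC file. */
    const char *samples[] = { "  title rest", "abcdefghijklmno",
                              "abcdefghijklmnopqrstuvwxyz", "   " };
    char field[FIELD_MAX + 1];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = read_field(samples[i], field);
        printf("rc=%d field=\"%s\"\n", rc, field);
    }
    return 0;
}
```

When auditing a code base for this pattern, every `%s` and `%[` conversion in a scanf-family format string needs a width that is one less than the destination buffer size.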
Comment 8 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-05-09 13:30:13 UTC
(In reply to comment #6)
> Actually it isn't. 

OK. So, resolved+invalid? Sec team, confirm?
Comment 9 Thierry Carrez (RETIRED) gentoo-dev 2006-05-14 09:47:20 UTC
invalid then