Summary: | app-text/unrtf-0.19.3: process_font_table overflows name buffer | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Sascha Silbe <sascha-gentoo-bugzilla> | ||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||
Status: | RESOLVED FIXED | ||||||||||
Severity: | normal | CC: | robbat2 | ||||||||
Priority: | High | ||||||||||
Version: | unspecified | ||||||||||
Hardware: | All | ||||||||||
OS: | All | ||||||||||
Whiteboard: | B2 [glsa] koon | ||||||||||
Package list: | Runtime testing required: | --- | |||||||||
Attachments: |
|
Description
Sascha Silbe
2004-12-15 05:25:54 UTC
Created attachment 46032 [details]
81.rtf from advisory
robbat2/aliz: you have committed ebuilds for this before... pls verify and advise Strange the DJB didn't attach a fix as well. Funnily enough that corrupt file is caught by Windows, but it does affect unrtf on linux. ====================================================== Candidate: CAN-2004-1297 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-1297 Reference: MISC:http://tigger.uic.edu/~jlongs2/holes/unrtf.txt Buffer overflow in the process_font_table function in convert.c for unrtf 0.19.3 allows remote attackers to execute arbitrary code via a crafted RTF file. ====================================================== Created attachment 47210 [details, diff] unrtf-final.patch Patch from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=287038 Created attachment 47211 [details, diff]
unrtf-final.patch
Clean unrtf-final.patch
No metadata... aliz/robbat2: please bump with patch. -r1 in CVS now, ready for amd64 ppc s390 to stabilze. It's marked stable for x86 already. ppc, s390: please test 0.19.3-r1 and mark stable stable on ppc. glsa 200501-15 |