Bug 883673 (CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069)

Summary: <media-sound/abcm2ps-8.14.4: multiple vulnerabilities
Product: Gentoo Security
Reporter: John Helmert III <ajak>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: minor
CC: sound
Priority: Normal
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-29 20:17:43 UTC
CVE-2019-1010069:

moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit 08aef597656d065e86075f3d53fda89765845eae.

https://github.com/leesavide/abcm2ps/issues/18
https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S

CVE-2018-10771:

Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

https://github.com/leesavide/abcm2ps/issues/17
https://drive.google.com/open?id=1HE9cht7WJPauA66acyJrEywXX8R4Hg-2

CVE-2018-10753:

Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

https://github.com/leesavide/abcm2ps/issues/16
https://drive.google.com/drive/u/2/folders/1DvBEh5D-eW4UkvX3947UQh62i7hUIFN1
Comment 1 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-11-29 20:18:03 UTC
No GLSA, all done.