Bug 883673 (CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069) - <media-sound/abcm2ps-8.14.4: multiple vulnerabilities
Summary: <media-sound/abcm2ps-8.14.4: multiple vulnerabilities
Status: RESOLVED FIXED
Alias: CVE-2018-10753, CVE-2018-10771, CVE-2019-1010069
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
Whiteboard: B3 [noglsa]
Reported: 2022-11-29 20:17 UTC by John Helmert III
Modified: 2022-11-29 20:18 UTC

Description John Helmert III 2022-11-29 20:17:43 UTC
CVE-2019-1010069:

moinejf abcm2ps 8.13.20 is affected by: Incorrect Access Control. The impact is: Allows attackers to cause a denial of service attack via a crafted file. The component is: front.c, function txt_add. The fixed version is: after commit 08aef597656d065e86075f3d53fda89765845eae.

https://github.com/leesavide/abcm2ps/issues/18
https://drive.google.com/drive/u/2/folders/1Y2IbtEr9v4l4Ruie_AY9BFJOHOGiDt7S

CVE-2018-10771:

Stack-based buffer overflow in the get_key function in parse.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

https://github.com/leesavide/abcm2ps/issues/17
https://drive.google.com/open?id=1HE9cht7WJPauA66acyJrEywXX8R4Hg-2

CVE-2018-10753:

Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.

https://github.com/leesavide/abcm2ps/issues/16
https://drive.google.com/drive/u/2/folders/1DvBEh5D-eW4UkvX3947UQh62i7hUIFN1
Comment 1 John Helmert III 2022-11-29 20:18:03 UTC
No GLSA, all done.