6.8

CVE-2010-4743

Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps before 5.9.13 might allow remote attackers to execute arbitrary code via a crafted ABC file, a different vulnerability than CVE-2010-3441.  NOTE: some of these details are obtained from third party information.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MoinejfAbcm2ps Version < 5.9.13
FedoraprojectFedora Version13
FedoraprojectFedora Version14
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.22% 0.866
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014
Patch
Third Party Advisory
Mailing List
Issue Tracking
http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html
Third Party Advisory
http://moinejf.free.fr/abcm2ps-5.txt
Broken Link
http://secunia.com/advisories/43338
Third Party Advisory
http://www.vupen.com/english/advisories/2011/0390
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-March/054424.html
Third Party Advisory
http://secunia.com/advisories/40033
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=600729
Third Party Advisory
Issue Tracking