CVE-2010-3441
HIGH severity · CVSS 7.5 · Buffer overflow
Summary
Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line.
Impact & exploitability
Attack vector: Network
Attack complexity: Low
Privileges required: -
User interaction: -
Confidentiality impact: -
Integrity impact: -
Availability impact: -
Exploit probability (EPSS): 6%
CVSS vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix promptly.
Official patch: http://www.openwall.com/lists/oss-security/2010/04/08/5
Additional information
- NVD record
- http://www.openwall.com/lists/oss-security/2010/04/08/5 (Patch)
- http://www.openwall.com/lists/oss-security/2010/04/08/6 (Patch)
- http://www.openwall.com/lists/oss-security/2010/04/08/7 (Patch)
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=577014 (Advisory)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-February/054015.html (Advisory)
- http://moinejf.free.fr/abcm2ps-5.txt
- http://secunia.com/advisories/39345 (Advisory)
- http://secunia.com/advisories/43338 (Advisory)