Emilio Pozuelo Monfort
2010-Mar-14 17:06 UTC
[Secure-testing-team] Bug#573877: gmime2.4: CVE-2010-0409: buffer overflow can lead to DoS or arbitrary code execution
Package: gmime2.4
Version: 2.4.14-1
Severity: grave
Tags: security
Justification: user security hole

Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h in GMime before 2.4.15 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via input data for a uuencode operation.

http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0409

gmime 2.4.15 fixes it.

Stable is not affected as gmime2.4 doesn't exist there, and there's #568291 for gmime2.2 (which exists in stable).

Cheers,
Emilio