[Secure-testing-team] Bug#573877: gmime2.4: CVE-2010-0409: buffer overflow can lead to DoS or arbitrary code execution
Emilio Pozuelo Monfort
pochu at debian.org
Sun Mar 14 17:06:52 UTC 2010
Package: gmime2.4
Version: 2.4.14-1
Severity: grave
Tags: security
Justification: user security hole
Buffer overflow in the GMIME_UUENCODE_LEN macro in gmime/gmime-encodings.h
in GMime before 2.4.15 allows context-dependent attackers to cause a denial
of service (application crash) or possibly execute arbitrary code via input
data for a uuencode operation.
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0409
gmime 2.4.15 fixes it.
Stable is not affected as gmime2.4 doesn't exist there, and there's #568291
for gmime2.2 (which exists in stable).
Cheers,
Emilio
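
Added example, not part of the original report and not GMime's code or its actual macro: the report concerns a macro that sizes the output buffer for a uuencode operation, so this C sketch computes the exact encoded body size and has the encoder refuse any destination smaller than that. The names `uu_encoded_len`, `uu_encode` and `UU_LINE_IN` are hypothetical, and the layout assumed is classic uuencode body lines (45 input bytes per line) ending with a zero-length line.

```c
#include <stddef.h>

#define UU_LINE_IN 45 /* raw bytes carried by one full uuencoded line */

/* Exact size of the encoded body: each line is 1 length char, 4 chars per
 * (possibly padded) 3-byte group and '\n'; a zero-length line "`\n" ends it. */
size_t uu_encoded_len(size_t n)
{
    size_t rem = n % UU_LINE_IN;
    size_t len = (n / UU_LINE_IN) * (1 + 60 + 1);
    if (rem)
        len += 1 + ((rem + 2) / 3) * 4 + 1;
    return len + 2;
}

static char uu_char(unsigned v) { return (v & 0x3f) ? (char)((v & 0x3f) + ' ') : '`'; }

/* Encode in[0..n) into out[0..cap). Returns bytes written, or (size_t)-1
 * without touching out when cap is smaller than the exact requirement. */
size_t uu_encode(const unsigned char *in, size_t n, char *out, size_t cap)
{
    size_t o = 0;
    if (cap < uu_encoded_len(n))
        return (size_t)-1;
    while (n > 0) {
        size_t line = n < UU_LINE_IN ? n : UU_LINE_IN;
        out[o++] = uu_char((unsigned)line);
        for (size_t i = 0; i < line; i += 3) {
            unsigned a = in[i];
            unsigned b = i + 1 < line ? in[i + 1] : 0;
            unsigned c = i + 2 < line ? in[i + 2] : 0;
            out[o++] = uu_char(a >> 2);
            out[o++] = uu_char((a << 4) | (b >> 4));
            out[o++] = uu_char((b << 2) | (c >> 6));
            out[o++] = uu_char(c);
        }
        out[o++] = '\n';
        in += line; n -= line;
    }
    out[o++] = '`'; out[o++] = '\n';
    return o;
}

int main(void)
{
    char out[16];
    return uu_encode((const unsigned char *)"Cat", 3, out, sizeof out) == 8 ? 0 : 1;
}
```

Checking the size estimate against what the encoder really writes at the line boundaries (44, 45 and 46 input bytes) is the kind of test that catches an estimate that is a few bytes short.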