pcre: arbitrary code execution

ID ASA-201603-18
Type archlinux
Reporter Arch Linux
Modified 2016-03-13T00:00:00


The PCRE library is prone to a heap overflow vulnerability. During the compilation of a malformed regular expression, more data is written to the malloc'd block than the expected size output by compile_regex. Exploits using advanced heap feng shui techniques may allow an attacker to execute arbitrary code in the context of the user running the affected application.
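The bug class described above, a size-estimation pass that disagrees with the pass that writes the compiled output, is shown here as an added example. This is a toy two-pass compiler, not PCRE's code and not part of the advisory. The encoding, the deliberately short estimate and all function names are hypothetical. The emit pass checks every write against the allocated capacity, so the mismatch is reported as an error instead of overrunning the heap block.

```c
#include <stdlib.h>
#include <string.h>

/* Bytes the emit pass writes for one pattern character (toy encoding):
   '(' emits an opcode plus a one-byte placeholder, everything else 1 byte. */
static size_t emitted_len(char c) { return c == '(' ? 2 : 1; }

/* Pass 1: size estimate. Constructed flaw for illustration: '(' is counted
   as 1 byte, so the estimate is short for any pattern containing a group. */
static size_t estimate_size(const char *pat) {
    return strlen(pat);
}

/* Pass 2: emit into buf[cap]. Each write is checked against the remaining
   capacity, so an estimate/emit mismatch becomes an error return rather
   than a write past the end of the allocation.
   Returns bytes written, or -1 if the estimate was too small. */
static long emit_checked(const char *pat, unsigned char *buf, size_t cap) {
    size_t used = 0;
    for (; *pat; pat++) {
        size_t n = emitted_len(*pat);
        if (n > cap - used) return -1;      /* used <= cap always holds */
        buf[used++] = (unsigned char)*pat;
        if (n == 2) buf[used++] = 0;        /* placeholder byte for '(' */
    }
    return (long)used;
}

/* Allocate exactly what pass 1 reported, then run the checked pass 2. */
long toy_compile(const char *pat) {
    size_t cap = estimate_size(pat);
    unsigned char *buf = malloc(cap ? cap : 1);
    if (!buf) return -1;
    long n = emit_checked(pat, buf, cap);
    free(buf);
    return n;
}

int main(void) {
    /* Constructed inputs: one where the passes agree, one where they do not. */
    return (toy_compile("abc") == 3 && toy_compile("a(b)") == -1) ? 0 : 1;
}
```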