acroread5 -- mailListIsPdf() buffer overflow vulnerability

ID 28E93883-539F-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-01-06T00:00:00


An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code. The vulnerability specifically exists in the function mailListIsPdf(). This function checks if the input file is an email message containing a PDF. It unsafely copies user-supplied data using strcat into a fixed sized buffer.
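
The unsafe strcat pattern the advisory describes, next to a bounds-checked replacement, as an added example. This is not Adobe's or iDEFENSE's code: the function names, the 64-byte buffer size and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64 /* assumed; the advisory does not state the real size */

/* Pattern the advisory describes: strcat() appends file-controlled data
 * with no check on the space left in the fixed-size buffer. */
void join_unsafe(char dst[BUF_SIZE], const char *prefix, const char *field)
{
    strcpy(dst, prefix);
    strcat(dst, field); /* writes past dst when the total is >= BUF_SIZE */
}

/* Bounded append: 0 on success, -1 if src (plus NUL) does not fit.
 * dst is left unchanged on failure. */
int append_checked(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    size_t used, need = strlen(src);

    if (end == NULL)
        return -1; /* dst is not terminated inside its bounds */
    used = (size_t)(end - dst);
    if (need >= dstsz - used)
        return -1; /* no room for src and the terminator */
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hardened counterpart: rejects oversized input instead of truncating. */
int join_checked(char dst[BUF_SIZE], const char *prefix, const char *field)
{
    dst[0] = '\0';
    if (append_checked(dst, BUF_SIZE, prefix) != 0 ||
        append_checked(dst, BUF_SIZE, field) != 0) {
        dst[0] = '\0';
        return -1;
    }
    return 0;
}

int main(void)
{
    char buf[BUF_SIZE], big[200]; /* constructed sample input */

    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("short field: %d\n", join_checked(buf, "/tmp/", "a.pdf"));
    printf("long field:  %d\n", join_checked(buf, "/tmp/", big));
    return 0;
}
```

Rejecting oversized input, rather than silently truncating it, keeps a later consumer from acting on a cut-off string.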