acroread5 -- mailListIsPdf() buffer overflow vulnerability

2004-10-14T00:00:00
ID 28E93883-539F-11D9-A9E7-0001020EED82
Type freebsd
Reporter FreeBSD
Modified 2005-01-06T00:00:00

Description

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code. The vulnerability specifically exists in the function mailListIsPdf(). This function checks if the input file is an email message containing a PDF. It unsafely copies user supplied data using strcat into a fixed sized buffer.
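The bug class described above, shown as an added example; this is not Adobe's code, which does not appear in the advisory. It contrasts an unbounded strcat() append with a length-checked one that rejects oversized input. The function names, the buffer size and the sample header strings are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define LINE_BUF 64 /* constructed size; the real buffer size is not stated in the advisory */

/* Unsafe pattern: strcat() does not know how large dst is, so untrusted src
 * can be written past the end of the buffer. For contrast only; never called. */
void append_unsafe(char *dst, const char *src) { strcat(dst, src); }

/* Bounded append: copies src only if the result, including the terminating
 * NUL, fits in dstsize bytes. Returns 0 on success, -1 on rejection.
 * dst is left unchanged when the input is rejected (no silent truncation). */
int append_checked(char *dst, size_t dstsize, const char *src)
{
    const char *end = memchr(dst, '\0', dstsize);
    size_t used, need = strlen(src);

    if (end == NULL)             /* dst is not terminated inside its bounds */
        return -1;
    used = (size_t)(end - dst);
    if (need >= dstsize - used)  /* no room for src plus the NUL */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hypothetical caller: joins fragments read from an untrusted file into a
 * fixed-size buffer and fails closed as soon as one fragment does not fit. */
int join_fragments(char *out, size_t outsize, const char *const *frags, size_t n)
{
    size_t i;
    if (outsize == 0)
        return -1;
    out[0] = '\0';
    for (i = 0; i < n; i++)
        if (append_checked(out, outsize, frags[i]) != 0)
            return -1;
    return 0;
}

int main(void)
{
    char buf[LINE_BUF], big[200];
    const char *ok[] = { "Content-Type: ", "application/pdf" }; /* constructed input */
    const char *bad[] = { "Content-Type: ", big };
    memset(big, 'A', sizeof big - 1);
    big[sizeof big - 1] = '\0';
    printf("normal input:    %d\n", join_fragments(buf, sizeof buf, ok, 2));
    printf("oversized input: %d\n", join_fragments(buf, sizeof buf, bad, 2));
    return 0;
}
```

Rejecting the input outright, rather than truncating it, keeps a parser from acting on a partially copied value.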