Lucene search

Gentoo FoundationGLSA-200501-10

HistoryJan 06, 2005 - 12:00 a.m.

Vilistextum: Buffer overflow vulnerability

2005-01-0600:00:00

Gentoo Foundation

security.gentoo.org

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.6%

JSON

Background

Vilistextum is an HTML to text converter.

Description

Ariel Berkman discovered that Vilistextum unsafely reads data into an array without checking the length. This code vulnerability may lead to a buffer overflow.

Impact

A remote attacker could craft a malicious webpage which, when converted, would result in the execution of arbitrary code with the rights of the user running Vilistextum.

Workaround

There is no known workaround at this time.

Resolution

All Vilistextum users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=app-text/vilistextum-2.6.7"

OSVersionArchitecturePackageVersionFilename
Gentooanyallapp-text/vilistextum< 2.6.7UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Gentoo	any	all	app-text/vilistextum	< 2.6.7	UNKNOWN

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.022 Low

EPSS

Percentile

89.6%

JSON

Related for GLSA-200501-10