abc2midi event_specific() Function Overflow

2004-12-16T23:33:43
ID OSVDB:12427
Type osvdb
Reporter Limin Wang
Modified 2004-12-16T23:33:43

Description

Vulnerability Description

A remote overflow exists in abcMIDI. abcMIDI fails to perform proper bounds checking in the event_specific() function in store.c, resulting in a buffer overflow. With a specially crafted abc file, an attacker can execute arbitrary commands, resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://ifdo.pugmarks.com/~seymour/runabc/top.html
Security Tracker: 1012576
Secunia Advisory ID: 13512
Related OSVDB ID: 12426
Other Advisory URL: http://tigger.uic.edu/~jlongs2/holes/abc2midi.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-12/0195.html
CVE-2004-1256