Mozilla nsPPMDecoder.cpp PPM Image Processing Overflow

2003-09-29T21:39:03
ID OSVDB:16045
Type osvdb
Reporter zen-parse()
Modified 2003-09-29T21:39:03

Description

Vulnerability Description

A local overflow exists in Mozilla. The browser fails to check the length parameter in PPM files resulting in a heap overflow. A carefully contructed website or email could potentially exploit this problem to execute arbitray commands with the local user's permissions.

Solution Description

Upgrade to version 1.4.2, 1.5 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A local overflow exists in Mozilla. The browser fails to check the length parameter in PPM files resulting in a heap overflow. A carefully contructed website or email could potentially exploit this problem to execute arbitray commands with the local user's permissions.

References:

Vendor Specific News/Changelog Entry: https://bugzilla.mozilla.org/show_bug.cgi?id=220721 Vendor Specific Advisory URL