BMV PS File Page Handling openpsfile() Function Local Overflow

2005-10-20T12:05:08
ID OSVDB:20118
Type osvdb
Reporter felinemenace(andrewg@felinemenace.org)
Modified 2005-10-20T12:05:08

Description

Vulnerability Description

A local overflow exists in BMV. BMV fails to allocate memory to store the file offsets of each page in a PS file resulting in a integer overflow. With a specially crafted postscript file an attacker can execute arbitrary code resulting in a loss of integrity.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A local overflow exists in BMV. BMV fails to allocate memory to store the file offsets of each page in a PS file resulting in a integer overflow. With a specially crafted postscript file an attacker can execute arbitrary code resulting in a loss of integrity.

References:

Security Tracker: 1015086 Secunia Advisory ID:17266 Secunia Advisory ID:19029 Other Advisory URL: http://www.felinemenace.org/advisories/bmv_advisory.txt Other Advisory URL: http://www.debian.org/security/2006/dsa-981 ISS X-Force ID: 22815 CVE-2005-3278