AdPlug cff.cpp CFF File Unpacking Overflow

2006-07-06T07:48:59
ID OSVDB:27042
Type osvdb
Reporter Luigi Auriemma (aluigi@autistici.org)
Modified 2006-07-06T07:48:59

Description

Vulnerability Description

A local overflow exists in AdPlug. AdPlug fails to handle specially crafted CFF files when unpacking them, resulting in a heap overflow. A length value read directly from the header of the CFF file is not properly checked or sanitized before it is used to allocate a buffer, so the unpacking routine can write past the end of that buffer. A heap overflow could therefore occur while unpacking the CFF file, allowing the execution of arbitrary code with the privileges of the user running the player. The issue is classed as local because the victim must load the file, but a crafted CFF file delivered by download or e-mail is the realistic vector.

Solution Description

Upgrade to the AdPlug CVS snapshot of 2006-07-05 or a later release, which has been reported to fix this vulnerability. Users of distribution packages should apply their vendor's update (for example the Gentoo advisory GLSA 200609-06 listed in the references below).

Short Description

Heap overflow in AdPlug's CFF unpacking code (cff.cpp): an unchecked length field read from the CFF file header sizes a heap buffer, and unpacking can write beyond it, potentially allowing arbitrary code execution when a specially crafted CFF file is loaded.
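The pattern described above (a header-supplied length drives the allocation, and the decode loop then writes without comparing its position against that allocation) is shown below in a vulnerable and a hardened form. This is an added illustration, not AdPlug's cff.cpp: the packed layout (a 4-byte little-endian "unpacked length" followed by a small run-length stream), the function names `unpack_vulnerable`/`unpack_checked`, and the sample files are all constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Assumed packed layout, invented for this example (not the real CFF format):
 * 4-byte little-endian "unpacked length", then a run-length stream in which
 * each tag byte t means: t & 0x80 -> repeat the next byte (t & 0x7F)+1 times,
 * otherwise -> copy the next (t & 0x7F)+1 input bytes literally. */

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VULNERABLE pattern: the heap buffer is sized from the header field alone and
 * the decode loop never compares its write position with that size, so a
 * stream that expands to more than 'declared' bytes writes past the
 * allocation (input reads are unbounded too, so it also over-reads). */
uint8_t *unpack_vulnerable(const uint8_t *in, size_t in_len, size_t *out_len)
{
    if (in_len < 4)
        return NULL;
    uint32_t declared = read_le32(in);
    uint8_t *out = malloc(declared);        /* attacker-controlled size */
    if (out == NULL)
        return NULL;
    size_t ip = 4, op = 0;
    while (ip < in_len) {
        uint8_t tag = in[ip++];
        size_t n = (size_t)(tag & 0x7F) + 1;
        if (tag & 0x80) {
            memset(out + op, in[ip++], n);  /* no check that op + n <= declared */
        } else {
            memcpy(out + op, in + ip, n);   /* no check on either side */
            ip += n;
        }
        op += n;
    }
    *out_len = op;
    return out;
}

/* HARDENED form: reject implausible header lengths before they reach malloc,
 * bound every input read by in_len and every output write by the allocation,
 * and require the stream to produce exactly the declared length.
 * Returns 0 on success (caller frees *out_p) or -1 for a malformed file. */
int unpack_checked(const uint8_t *in, size_t in_len,
                   uint8_t **out_p, size_t *out_len)
{
    *out_p = NULL;
    *out_len = 0;
    if (in_len < 4)
        return -1;
    uint32_t declared = read_le32(in);
    /* A tag expands to at most 128 bytes, so 128 bytes per input byte is a
     * safe upper bound on what a genuine stream can produce. */
    if (declared == 0 || declared > 128ULL * (in_len - 4))
        return -1;
    uint8_t *out = malloc(declared);
    if (out == NULL)
        return -1;
    size_t ip = 4, op = 0;
    while (ip < in_len) {
        uint8_t tag = in[ip++];
        size_t n = (size_t)(tag & 0x7F) + 1;
        if (n > declared - op)              /* would write past the buffer */
            goto bad;
        if (tag & 0x80) {
            if (ip >= in_len)               /* repeat byte missing */
                goto bad;
            memset(out + op, in[ip++], n);
        } else {
            if (n > in_len - ip)            /* literal run truncated */
                goto bad;
            memcpy(out + op, in + ip, n);
            ip += n;
        }
        op += n;
    }
    if (op != declared)                     /* header and stream disagree */
        goto bad;
    *out_p = out;
    *out_len = op;
    return 0;
bad:
    free(out);
    return -1;
}

/* Constructed sample files. */
static const uint8_t benign_file[] = {
    0x06, 0x00, 0x00, 0x00,   /* unpacked length 6 */
    0x01, 'A', 'B',           /* literal run of 2 */
    0x83, 'C'                 /* repeat 'C' 4 times -> "ABCCCC" */
};
static const uint8_t crafted_file[] = {
    0x04, 0x00, 0x00, 0x00,   /* unpacked length 4 -> malloc(4) */
    0xFF, 0x41,               /* repeat 'A' 128 times: 124 bytes past the end */
    0xFF, 0x42                /* repeat 'B' 128 times: keeps writing */
};
static const uint8_t huge_header_file[] = {
    0xFF, 0xFF, 0xFF, 0xFF,   /* declares 4294967295 bytes from a 6-byte file */
    0x00, 'A'
};

int main(void)
{
    const uint8_t *files[] = { benign_file, crafted_file, huge_header_file };
    size_t sizes[] = { sizeof benign_file, sizeof crafted_file, sizeof huge_header_file };
    for (size_t i = 0; i < 3; i++) {
        uint8_t *out; size_t len;
        int rc = unpack_checked(files[i], sizes[i], &out, &len);
        printf("file %zu: %s (%zu bytes)\n", i, rc == 0 ? "unpacked" : "rejected", len);
        free(out);
    }
    /* unpack_vulnerable(crafted_file, ...) corrupts the heap; build with
     * -fsanitize=address to see the out-of-bounds write reported. */
    return 0;
}
```

The two checks that matter are the plausibility test on `declared` before `malloc` (it stops a forged header from driving a multi-gigabyte or zero-byte allocation) and the per-run `n > declared - op` test (it stops a stream that expands beyond the allocation, which is the heap overflow the advisory describes). Checking only one of them leaves the other path open.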

References:

Vendor URL: http://adplug.sourceforge.net/
Vendor Specific Advisory URL: (not listed)
Secunia Advisory ID: 21869
Secunia Advisory ID: 21295
Secunia Advisory ID: 20972
Secunia Advisory ID: 21238
Related OSVDB ID: 27043
Related OSVDB ID: 27044
Related OSVDB ID: 27045
Related OSVDB ID: 27046
Related OSVDB ID: 27047
Other Advisory URL: http://aluigi.altervista.org/adv/adplugbof-adv.txt
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200609-06.xml
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0108.html
CVE ID: CVE-2006-3582