7 matches found
ALPINE-CVE-2018-17141
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData in the faxd/CopyQuality.c++ file...
DEBIAN-CVE-2018-17141
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData in the faxd/CopyQuality.c++ file...
Code injection
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData in the faxd/CopyQuality.c++ file...
UBUNTU-CVE-2018-17141
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData in the faxd/CopyQuality.c++ file...
CVE-2018-17141
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData in the faxd/CopyQuality.c++ file...
CVE-2018-17141
HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData in the faxd/CopyQuality.c++ file...
CVE-2018-17141
CVE-2018-17141 affects HylaFAX and HylaFAX+ where specially crafted JPEG input during fax page reception could trigger remote code execution due to missing input sanitising in the FaxModem data path. Public fixes exist: HylaFAX+ 5.6.1 (and later) mitigates the issue; Debian LTS advisory notes a f...