Design/Logic Flaw

The unformat24bitcolor function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service heap corruption and crash via an incomplete 24bit color code...

CVE-2016-7044

The CVE-2016-7044 issue affects Irssi prior to 0.8.20 where the unformat_24bit_color function in the format parsing code, when compiled with true-color enabled, can be triggered by an incomplete 24bit color code to cause heap corruption and a remote denial of service. The public material ties thi...

CVE-2016-7045

The formatsendtogui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service heap corruption and crash via vectors involving the length of a string...

CVE-2016-7044

The unformat24bitcolor function in the format parsing code in Irssi before 0.8.20, when compiled with true-color enabled, allows remote attackers to cause a denial of service heap corruption and crash via an incomplete 24bit color code...

CVE-2016-7045

The formatsendtogui function in the format parsing code in Irssi before 0.8.20 allows remote attackers to cause a denial of service heap corruption and crash via vectors involving the length of a string...

Debian DSA-3672-1 : irssi - security update

Gabriel Campana and Adrien Guinet from Quarkslab discovered two remotely exploitable crash and heap corruption vulnerabilities in the format parsing code in Irssi, a terminal based IRC client. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this...

[slackware-security] irssi

New irssi packages are available for Slackware 13.0, 13.1, 13.37, 14.0, 14.1, 14.2, and -current to fix security issues. Here are the details from the Slackware 14.2 ChangeLog: patches/packages/irssi-0.8.20-i586-1slack14.2.txz: Upgraded. This update fixes two remote crash and heap corruption...