Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

Gentoo: GLSA-202109-04 Moderate: Curl Security Vulnerability Identified

gentoo
Calendar Grey March 28, 2004
Dist Gentoo Esm H88
A specially crafted image can manipulate the UUDeview application, potentially resulting in arbitrary code execution or application failures, as indicated by Gentoo GLSA-200403-05.
A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions) may cause UUDeview to crash or execute arbitrary code.

Summary

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Gentoo Linux Security Advisory                           GLSA 200403-05
~                                            https://security.gentoo.org/

~ Severity: Normal ~ Title: UUDeview MIME Buffer Overflow ~ Date: March 26, 2004 ~ Bugs: #44859 ~ ID: 200403-05

Synopsis ======= A specially-crafted MIME file (.mim, .uue, .uu, .b64, .bhx, .hqx, and .xxe extensions) may cause UUDeview to crash or execute arbitrary code.
Background ========= UUDeview is a program which is used to transmit binary files over the Internet in a text-only format. It is commonly used for email and Usenet attachments. It supports multiple encoding formats, including Base64, BinHex and UUEncoding.
========== By decoding a MIME archive with excessively long strings for various parameters, it is possible to crash UUDeview, or cause it to execute arbitrary code.
This vulnerability was originally reported by iDEFENSE as part of a WinZip advisory [ Refe...

Read the Full Advisory

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
important
Lowest
Low
Medium
High
Critical

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround