Bug#699820: stack smashing when reading ics file

Sang Kil Cha sangkil.cha at gmail.com
Tue Feb 5 16:01:39 UTC 2013 

Package: imview
Version: 1.1.9c-9
Severity: grave
Tags: security

imview has stack smashing vulnerability when parsing ics header @
io/readics.cxx:320

     /* get the filename from the ICS file */

         t = temp1;
             while (*bp != delim2)
                     *t++ = *bp++;

This bug can lead arbitrary code execution.

I am attaching a crashing input.


-- System Information:
Debian Release: 7.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages imview depends on:
ii  libc6           2.13-37
ii  libfontconfig1  2.9.0-7.1
ii  libgcc1         1:4.7.2-5
ii  libgomp1        4.7.2-5
ii  libjpeg8        8d-1
ii  libmagickcore5  8:6.7.7.10-5
ii  libpng12-0      1.2.49-1
ii  libstdc++6      4.7.2-5
ii  libtiff4        3.9.6-11
ii  libx11-6        2:1.5.0-1
ii  libxext6        2:1.3.1-2
ii  libxft2         2.3.1-1
ii  libxinerama1    2:1.1.2-1
ii  libxpm4         1:3.5.10-1
ii  zlib1g          1:1.2.7.dfsg-13

imview recommends no packages.

Versions of packages imview suggests:
pn  imview-doc  <none>

-- no debconf information
-------------- next part --------------
A:AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA:

More information about the debian-science-maintainers mailing list