libxmp MASI Parsing Buffer Overflow Vulnerability

2013-04-22 / 2013-04-23
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Description A vulnerability has been reported in libxmp, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error in the "get_dsmp"() function (src/loaders/masi_load.c) when parsing MASI files, which can be exploited to cause a buffer overflow. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 4.1.0. Solution Update to version 4.1.0. Provided and/or discovered by The vendor credits Douglas Carmichael. Original Advisory http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view Commit: http://sourceforge.net/p/xmp/libxmp/ci/a015fdfb478a60172fd225632a11bbd02870fc40/ [1]: https://secunia.com/advisories/53114/ -- Agostino Sarubbo Gen

References:

http://sourceforge.net/projects/xmp/files/libxmp/4.1.0/Changelog/view
http://seclists.org/oss-sec/2013/q2/153


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top