Executive Summary
Summary | |
---|---|
Title | New abcmidi packages fix arbitrary code execution |
Informations | |||
---|---|---|---|
Name | DSA-1043 | First vendor Publication | 2006-04-26 |
Vendor | Debian | Last vendor Modification | 2006-04-26 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 7.5 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Low |
Cvss Expoit Score | 10 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Erik Sjölund discovered that abcmidi-yaps, a translator for ABC music description files into PostScript, does not check the boundaries when reading in ABC music files resulting in buffer overflows. For the old stable distribution (woody) these problems have been fixed in version 17-1woody1. For the stable distribution (sarge) these problems have been fixed in version 20050101-1sarge1. For the unstable distribution (sid) these problems will be fixed soon. We recommend that you upgrade your abcmidi-yaps package. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1043 |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2008-01-17 | Name : Debian Security Advisory DSA 1043-1 (abcmidi) File : nvt/deb_1043_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
24974 | abcMIDI ABC Music File Handling Overflow A local overflow exists in abcMIDI. The product fails to limit the bytes read by sscanf in drawtune.c and yapstree.c resulting in a buffer overflow. With a specially crafted .ABC file, an attacker can cause the program to crash or possibly execute arbitrary code resulting in a loss of integrity or availability for the program. |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1043.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:25:43 |
|