CVE Vulnerabilities

CVE-2003-0143

Published: Mar 18, 2003 | Modified: Oct 10, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
10 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

Affected Software

Name Vendor Start Version End Version
Qpopper Qualcomm 4.0.1 4.0.1
Qpopper Qualcomm 4.0.2 4.0.2
Qpopper Qualcomm 4.0.3 4.0.3
Qpopper Qualcomm 4.0.4 4.0.4

References