Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflows during translation into PostScript.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Abcmidi | Abcmidi | * | 2006-04-22 (including) |
| Abcmidi | Abcmidi | 2004-12-04 (including) | 2004-12-04 (including) |
| Abcmidi | Abcmidi | 2005-01-01 (including) | 2005-01-01 (including) |
| Abcmidi | Ubuntu | dapper | * |
| Abcmidi | Ubuntu | devel | * |
| Abcmidi | Ubuntu | edgy | * |
| Abcmidi | Ubuntu | feisty | * |
| Abcmidi | Ubuntu | gutsy | * |
| Abcmidi | Ubuntu | hardy | * |
| Abcmidi | Ubuntu | intrepid | * |
| Abcmidi | Ubuntu | jaunty | * |
| Abcmidi | Ubuntu | karmic | * |
References
- http://secunia.com/advisories/19826
- http://secunia.com/advisories/19829
- http://www.debian.org/security/2006/dsa-1043
- http://www.osvdb.org/24974
- http://www.securityfocus.com/bid/17704
- http://www.vupen.com/english/advisories/2006/1531
- http://secunia.com/advisories/19826
- http://secunia.com/advisories/19829
- http://www.debian.org/security/2006/dsa-1043
- http://www.osvdb.org/24974
- http://www.securityfocus.com/bid/17704
- http://www.vupen.com/english/advisories/2006/1531