blob: 20a1823a1bc10d95d85807e479a1d283f894e3b9 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200501-10">
<title>Vilistextum: Buffer overflow vulnerability</title>
Vilistextum is vulnerable to a buffer overflow that allows an attacker to
execute arbitrary code through the use of a malicious webpage.
<product type="ebuild">vilistextum</product>
<announced>January 06, 2005</announced>
<revised>January 06, 2005: 01</revised>
<package name="app-text/vilistextum" auto="yes" arch="*">
<unaffected range="ge">2.6.7</unaffected>
<vulnerable range="lt">2.6.7</vulnerable>
Vilistextum is an HTML to text converter.
Ariel Berkman discovered that Vilistextum unsafely reads data into
an array without checking the length. This code vulnerability may lead
to a buffer overflow.
<impact type="normal">
A remote attacker could craft a malicious webpage which, when
converted, would result in the execution of arbitrary code with the
rights of the user running Vilistextum.
There is no known workaround at this time.
All Vilistextum users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-text/vilistextum-2.6.7&quot;</code>
<uri link="">Original Advisory</uri>
<uri link="">CAN-2004-1299</uri>
<metadata tag="requester" timestamp="Mon, 3 Jan 2005 15:34:01 +0000">
<metadata tag="bugReady" timestamp="Tue, 4 Jan 2005 11:50:53 +0000">
<metadata tag="submitter" timestamp="Thu, 6 Jan 2005 13:22:37 +0000">