blob: 24e69b190ea4f815a2144a4949cee698ddec61a7 [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200511-23">
<title>chmlib, KchmViewer: Stack-based buffer overflow</title>
chmlib and KchmViewer contain a buffer overflow vulnerability which may
lead to the execution of arbitrary code.
<product type="ebuild">chmlib kchmviewer</product>
<announced>November 28, 2005</announced>
<revised>May 28, 2009: 03</revised>
<package name="dev-libs/chmlib" auto="yes" arch="*">
<unaffected range="ge">0.37.4</unaffected>
<vulnerable range="lt">0.37.4</vulnerable>
<package name="app-text/kchmviewer" auto="yes" arch="*">
<unaffected range="ge">1.1</unaffected>
<vulnerable range="lt">1.1</vulnerable>
chmlib is a library for dealing with Microsoft ITSS and CHM format
files. KchmViewer is a CHM viewer that includes its own copy of the
chmlib library.
Sven Tantau reported about a buffer overflow vulnerability in
chmlib. The function "_chm_decompress_block()" does not properly
perform boundary checking, resulting in a stack-based buffer overflow.
<impact type="normal">
By convincing a user to open a specially crafted ITSS or CHM file,
using KchmViewer or a program makes use of chmlib, a remote attacker
could execute arbitrary code with the privileges of the user running
the software.
There is no known workaround at this time.
All chmlib users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=dev-libs/chmlib-0.37.4&quot;</code>
All KchmViewer users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=app-text/kchmviewer-1.1&quot;</code>
<uri link="">CVE-2005-3318</uri>
<metadata tag="requester" timestamp="Fri, 25 Nov 2005 10:03:15 +0000">
<metadata tag="submitter" timestamp="Sat, 26 Nov 2005 02:10:11 +0000">
<metadata tag="bugReady" timestamp="Sun, 27 Nov 2005 20:16:26 +0000">