Bug 1141435 - (CVE-2019-1010011) VUL-1: CVE-2019-1010011: abcm2ps: stack-based buffer overflow in functions get_key (parse.c) and delayed_output (music.c)
VUL-1: CVE-2019-1010011: abcm2ps: stack-based buffer overflow in functions ge...
Status: NEW
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Other
Leap 15.1
Other Other
: P4 - Low : Minor (vote)
: ---
Assigned To: Security Team bot
Security Team bot
Depends on:
  Show dependency treegraph
Reported: 2019-07-15 08:40 UTC by Alexander Bergmann
Modified: 2019-07-18 13:08 UTC (History)
0 users

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2019-07-15 08:40:49 UTC

moinejf abcm2ps 8.13.16 and after is affected by: CWE-121: Stack-based Buffer
Overflow. The impact is: This vulnerability allows remote attackers to cause a
denial of service via a crafted file. The component is: parse.c / function:
get_key and music.c/ function: delayed_output.

Comment 1 Michael Vetter 2019-07-18 13:07:32 UTC
We are not affected by this.

It seems CVE-2019-1010011 is just a duplicate of already existing CVEs.

CVE-2018-10771: https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f
contained in releases since v8.13.21.

CVE-2018-10753: https://github.com/leesavide/abcm2ps/commit/fd956e19f88ee32f8ec4aece5901400b06e80bcc
contained in releases since v8.13.21

Also see upstream issue https://github.com/leesavide/abcm2ps/issues/55