Multiple heap-based buffer overflows
Bug #1034623 reported by
Felix Geyer
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libotr (Debian) |
Fix Released
|
Unknown
|
|||
libotr (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Lucid |
Fix Released
|
Undecided
|
Steve Beattie | ||
Natty |
Fix Released
|
Undecided
|
Steve Beattie | ||
Oneiric |
Fix Released
|
Undecided
|
Steve Beattie | ||
Precise |
Fix Released
|
Undecided
|
Steve Beattie | ||
Quantal |
Fix Released
|
Undecided
|
Unassigned |
Bug Description
> Multiple heap-based buffer overflow flaws were found in the way the
> Base64 decoder of libotr, an Off-The-Record Messaging library and
> toolkit, performed decoding of certain messages. A remote attacker
> could provide a specially-crafted OTR message that once processed
> in an application linked against libotr would lead to that
> application crash or, potentially, arbitrary code execution with
> the privileges of the user running the application.
http://
CVE References
security vulnerability: | no → yes |
description: | updated |
Changed in libotr (Debian): | |
status: | Unknown → Fix Released |
description: | updated |
description: | updated |
To post a comment you must log in.
This bug was fixed in the package libotr - 3.2.1-1
---------------
libotr (3.2.1-1) unstable; urgency=high
* Fix potential buffer overflow in base64 routines (Closes: #684121)
-- Thibaut VARENE <email address hidden> Tue, 07 Aug 2012 12:24:15 +0200