[e2fsprogs] [CVE-2007-5497] several integer overflows in memory allocating code
Bug #174174 reported by disabled.user

Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
e2fsprogs (Ubuntu) | Fix Released | Undecided | Unassigned |
Bug Description
Binary package hint: e2fsprogs
References:
[1] CVE-2007-5497 (http://
[2] SUSE-SR:2007:025
Quoting [2]:
"e2fsprogs has been updated to fix several integer overflows in memory allocating code. Programs that use libext2fs are therefore vulnerable to memory corruptions that can lead to arbitrary code execution while loading a specially crafted image."
Debian Security Advisory DSA-1422 (http://www.debian.org/security/2007/dsa-1422)
"Rafal Wojtczuk of McAfee AVERT Research discovered that e2fsprogs, ext2 file system utilities and libraries, contained multiple integer overflows in memory allocations, based on sizes taken directly from filesystem information. These could result in heap-based overflows potentially allowing the execution of arbitrary code.
For the stable distribution (etch), this problem has been fixed in version 1.39+1.40-WIP-2006.11.14+dfsg-2etch1."
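
The bug class both advisories describe, an allocation size computed from fields read off the filesystem image, shown beside a checked form. This is an added example, not part of the bug report and not e2fsprogs code; the header struct, its field names and the 1 MiB cap are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical on-disk header (illustrative names, not libext2fs's).
 * Both fields come straight from the image, so both are untrusted. */
struct disk_hdr {
    uint32_t entry_count;
    uint32_t entry_size;
};

/* Unchecked pattern: the 32-bit product wraps silently, so a huge count
 * can yield a tiny allocation that later per-entry writes overrun. */
uint32_t unchecked_size(const struct disk_hdr *h)
{
    return (uint32_t)(h->entry_count * h->entry_size);
}

/* Checked pattern: divide instead of multiply, so nothing can wrap.
 * Returns 0 and stores the byte count in *out only when
 * entry_count * entry_size <= cap; returns -1 otherwise. */
int checked_size(const struct disk_hdr *h, size_t cap, size_t *out)
{
    if (h->entry_count == 0 || h->entry_size == 0)
        return -1;
    if (h->entry_count > cap / h->entry_size)
        return -1;
    *out = (size_t)h->entry_count * h->entry_size;
    return 0;
}

/* Allocate the table only after the size has been validated. */
void *alloc_table(const struct disk_hdr *h, size_t cap)
{
    size_t n;
    if (checked_size(h, cap, &n) != 0)
        return NULL;
    return calloc(1, n);
}

int main(void)
{
    /* Constructed sample: 0x10000001 * 16 wraps to 16 in 32 bits. */
    struct disk_hdr bad = { 0x10000001u, 16u };
    size_t cap = (size_t)1 << 20;   /* assumed sanity limit, 1 MiB */
    printf("unchecked size: %u bytes\n", (unsigned)unchecked_size(&bad));
    printf("checked alloc:  %s\n", alloc_table(&bad, cap) ? "ok" : "rejected");
    return 0;
}
```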