CVE-2009-4012: arbitrary code execution
Bug #507939 reported by Marc Deslauriers
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libthai (Ubuntu) | Fix Released | Medium | Unassigned |
Hardy | Fix Released | Medium | Unassigned |
Intrepid | Fix Released | Medium | Unassigned |
Jaunty | Fix Released | Medium | Unassigned |
Karmic | Fix Released | Medium | Unassigned |
Lucid | Fix Released | Medium | Unassigned |
Bug Description
libthai contains an integer/heap overflow. It can be exploited by passing a very long string to overflow the calculated malloc size, and can lead to arbitrary code execution.
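The size arithmetic the description refers to, shown as an added example that is not part of the original report and is not libthai's source. `pos_t`, the `(len + 1) * sizeof(pos_t)` formula and all function names are hypothetical stand-ins for a buffer sized from the input string length; the block contrasts the wrapped size with an allocation that refuses such lengths.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical element type: one record per input character. */
typedef int pos_t;

/* Unchecked size arithmetic: for a large enough len the product wraps
 * modulo SIZE_MAX + 1, so the result is far smaller than the data that
 * will later be written into the buffer. */
size_t unchecked_size(size_t len)
{
    return (len + 1) * sizeof(pos_t);
}

/* Checked version: returns 0 and stores the byte count on success,
 * -1 if (len + 1) * sizeof(pos_t) does not fit in size_t. */
int checked_size(size_t len, size_t *out)
{
    if (len == SIZE_MAX)
        return -1;                          /* len + 1 would wrap to 0 */
    if (len + 1 > SIZE_MAX / sizeof(pos_t))
        return -1;                          /* product would wrap */
    *out = (len + 1) * sizeof(pos_t);
    return 0;
}

/* Allocate the table or refuse; callers must treat NULL as an error. */
pos_t *alloc_positions(size_t len)
{
    size_t bytes;
    if (checked_size(len, &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    size_t huge = SIZE_MAX / sizeof(pos_t); /* constructed oversized length */
    pos_t *p = alloc_positions(huge);
    printf("unchecked byte count for huge length: %zu\n", unchecked_size(huge));
    printf("checked allocation for huge length: %s\n", p ? "allocated" : "refused");
    free(p);
    return 0;
}
```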
CVE References
Changed in libthai (Ubuntu Karmic):
importance: Undecided → Medium
Changed in libthai (Ubuntu Jaunty):
importance: Undecided → Medium
Changed in libthai (Ubuntu Hardy):
importance: Undecided → Medium
Changed in libthai (Ubuntu Intrepid):
importance: Undecided → Medium
I have uploaded the proposed security update to the following PPA for testing. Please comment on testing results here:
https://launchpad.net/~mdeslaur/+archive/testing