Red Hat Bugzilla – Bug 1295353
CVE-2015-8708 claws-mail: Stack overflow in conv_euctojis()
Last modified: 2016-02-10 05:50:56 EST
A stack-based buffer overflow has been found in conv_euctojis() after applying incomplete patch for CVE-2015-8614. In conv_euctojis() the comparison is with outlen - 3, but each pass through the loop uses up to 5 bytes and the rest of the function may add another 4 bytes. The comparison should presumably be '<= outlen - 9' or equivalently '< outlen - 8'.
Created claws-mail tracking bugs for this issue:
Affects: fedora-all [bug 1295355]
Affects: epel-all [bug 1295356]
There is a new [albeit unconfirmed] patch suggestion:
claws-mail-3.13.2-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
claws-mail-3.13.2-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.