Apple Security Team reported multiple buffer overflows in cscope, caused by insecure sprintf usage. Processing a maliciously crafted source file with cscope may lead to an unexpected application termination or arbitrary code execution.
Fixed upstream in 15.7a:
http://sourceforge.net/forum/forum.php?forum_id=947983

Upstream commits:
http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015K-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs
http://sourceforge.net/mailarchive/forum.php?thread_name=E1LsGx3-00015C-TN%40ddv4jf1.ch3.sourceforge.com&forum_name=cscope-cvs
This CVE is a duplicate / re-occurrence of the old issue CVE-2004-2541:

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

It seems the original issue was not completely fixed upstream previously.
Created attachment 342619
Original Debian patch for CVE-2004-2541
This issue has been addressed in the following products:

Red Hat Enterprise Linux 5

Via RHSA-2009:1102 https://rhn.redhat.com/errata/RHSA-2009-1102.html

This issue has been addressed in the following products:

Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 3

Via RHSA-2009:1101 https://rhn.redhat.com/errata/RHSA-2009-1101.html