A buffer overflow flaw was reported [1].[2] in pyfribidi's fribidi_utf8_to_unicode() function, due to it handling at most 3 bytes for a single unicode character. If a 4-byte utf-8 sequence was supplied, it would generate 2 unicode characters which would overflow the logical buffer. This has been fixed in pyfribidi 0.11 [3]. [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=663189 [2] https://github.com/pediapress/pyfribidi/issues/2 [3] https://github.com/pediapress/pyfribidi/commit/d2860c655357975e7b32d84e6b45e98f0dcecd7a
Created pyfribidi tracking bugs for this issue Affects: fedora-all [bug 801897]
This was assigned the name CVE-2012-1176: http://www.openwall.com/lists/oss-security/2012/03/14/9