A vulnerability was found in irssi, caused by improper input checking, that allows a remote attacker to crash the application.
The format_send_to_gui() function does not validate the length of the string before incrementing the `ptr' pointer in all cases. If that happens, the pointer `ptr' can be incremented twice and thus end past the boundaries of the original `dup' buffer.
Affected versions: Irssi 0.8.17-beta up to and including 0.8.19 up to 0.8.19-219-g52fedea
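The double increment described above, as a simplified model added here for illustration (not irssi's source code): the marker byte 0x04, the one-byte code format, and the function names `scan_unchecked` and `scan_checked` are assumptions. The unchecked variant works on indexes so the demonstration itself never reads out of bounds.

```c
#include <stddef.h>
#include <stdio.h>

#define FMT_MARKER 0x04 /* assumed: escape byte followed by one code byte */

/* Flawed stepping, modelled on indexes so the demo itself never reads out
 * of bounds. s holds len bytes plus a NUL. A result > len means the scan
 * stepped past the terminator. */
size_t scan_unchecked(const char *s, size_t len)
{
    size_t i = 0;
    while (i <= len && s[i] != '\0') {
        if ((unsigned char)s[i] == FMT_MARKER)
            i++; /* move onto the code byte, which may be the NUL */
        i++;     /* second increment, taken without a length check */
    }
    return i;
}

/* Hardened stepping: test for the terminator before skipping the code byte.
 * Returns the stop offset and counts the plain-text bytes seen. */
size_t scan_checked(const char *s, size_t *text_bytes)
{
    const char *ptr = s;
    *text_bytes = 0;
    while (*ptr != '\0') {
        if ((unsigned char)*ptr == FMT_MARKER) {
            if (*++ptr == '\0')
                break; /* truncated sequence: stop on the terminator */
            ptr++;     /* skip the code byte */
            continue;
        }
        (*text_bytes)++;
        ptr++;
    }
    return (size_t)(ptr - s);
}

int main(void)
{
    const char bad[] = "ab\004"; /* constructed input: marker is the last byte */
    size_t n;
    printf("unchecked stops at %zu of %zu\n", scan_unchecked(bad, sizeof bad - 1), sizeof bad - 1);
    printf("checked stops at %zu\n", scan_checked(bad, &n));
    return 0;
}
```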
Created irssi tracking bugs for this issue:
Affects: fedora-all [bug 1378345]
Affects: epel-5 [bug 1378346]
As shipped in RHEL-6, RHEL-7 or EPEL-5, the ptr pointer cannot overflow. These products are not affected by this flaw.