Abcm2ps before version 8.13.21 is vulnerable to a stack-based buffer overflow in the parse.c:get_key() function. An attacker could exploit this to cause a denial of service via crafted file. Upstream issue: https://github.com/leesavide/abcm2ps/issues/17 Upstream patch: https://github.com/leesavide/abcm2ps/commit/dc0372993674d0b50fedfbf7b9fad1239b8efc5f
Created abcm2ps tracking bugs for this issue: Affects: fedora-all [bug 1576641]
Couldn't reproduce this with abcm2ps-7.8.14-5.fc27.src.rpm on F27: $ gdb -q abcm2ps Reading symbols from abcm2ps...done. (gdb) r ~/Downloads/abcm2ps/POC2 Starting program: /home/sfowler/rpmbuild/BUILD/abcm2ps-7.8.14/abcm2ps ~/Downloads/abcm2ps/POC2 [Thread debugging using libthread_db enabled] Using host libthread_db library "/lib64/libthread_db.so.1". abcm2ps-7.8.14 (March 25, 2015) File /home/sfowler/Downloads/abcm2ps/POC2 Error in line 6.2: Bad character 6 [1� ^ - In tune '': Error in line 5.0: w: without music Output written on Out.ps (1 page, 1 title, 18271 bytes) [Inferior 1 (process 16672) exited with code 01
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.