Abcm2ps before version 8.13.21 is vulnerable to a stack-based buffer overflow in the parse.c:get_key() function. An attacker could exploit this to cause a denial of service via crafted file.
Created abcm2ps tracking bugs for this issue:
Affects: fedora-all [bug 1576641]
Couldn't reproduce this with abcm2ps-7.8.14-5.fc27.src.rpm on F27:
$ gdb -q abcm2ps
Reading symbols from abcm2ps...done.
(gdb) r ~/Downloads/abcm2ps/POC2
Starting program: /home/sfowler/rpmbuild/BUILD/abcm2ps-7.8.14/abcm2ps ~/Downloads/abcm2ps/POC2
[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
abcm2ps-7.8.14 (March 25, 2015)
Error in line 6.2: Bad character
- In tune '':
Error in line 5.0: w: without music
Output written on Out.ps (1 page, 1 title, 18271 bytes)
[Inferior 1 (process 16672) exited with code 01
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.