Five heap-buffer-overflow vulnerabilities of FreeXL 1.0.4


leon....@gmail.com

Feb 22, 2018, 3:56:46 AM
to SpatiaLite Users
I have found several heap-buffer-overflow vulnerabilities in FreeXL 1.0.4; these vulnerabilities may be used to execute arbitrary code. I posted them in Red Hat Bugzilla.


All of them have a PoC file attached and can be reproduced with the command: ./test_xl $POC

a.fu...@lqt.it

Feb 22, 2018, 10:02:48 AM
to spatiali...@googlegroups.com
On Thu, 22 Feb 2018 00:56:46 -0800 (PST), leon....@gmail.com wrote:
> I have found several heap-buffer-overflow vulnerabilities of FreeXL
> 1.0.4, these vulnerabilities may be used to execute arbitrary code. I
> post them in redhat bugzilla
>
> https://bugzilla.redhat.com/show_bug.cgi?id=1547879 [1]
> https://bugzilla.redhat.com/show_bug.cgi?id=1547883 [2]
> https://bugzilla.redhat.com/show_bug.cgi?id=1547885 [3]
> https://bugzilla.redhat.com/show_bug.cgi?id=1547889 [4]
> https://bugzilla.redhat.com/show_bug.cgi?id=1547892 [5]
>
> all of them have an attachment of POC file, and can be reproduced
> with
> command: ./test_xl $POC
>

Hi Leon,

all five vulnerabilities are now fixed and the patched
code is available from the Fossil repository, and I'm
going to announce the release of version 1.0.5

thanks a lot for identifying and reporting these critical
issues.

best regards,
Sandro