CVE-2010-5109: Buffer Overflow
First published: Tue Jun 12 2012(Updated: )
Created <span class="bz_obsolete"><a href="attachment.cgi?id=591258&action=diff" name="attach_591258" title="proposed patch to fix possible buffer overflows.">attachment 591258</a> <a href="attachment.cgi?id=591258&action=edit" title="proposed patch to fix possible buffer overflows.">[details]</a></span> proposed patch to fix possible buffer overflows. Description of problem: compiler warning: call ... will always overflow destination buffer. indeed, there is a trivial bug in the code, no space is reserved for trailing \0. patch to fix: --- libytnef-1.5/ytnef.c 2004-08-26 17:09:05.000000000 +0000 +++ libytnef-1.5/ytnef.c 2012-06-08 19:34:07.826123387 +0000 @@ -1327,7 +1327,7 @@ ULONG compressedSize, uncompressedSize, magic, crc32; comp_Prebuf.size = strlen(RTF_PREBUF); - comp_Prebuf.data = calloc(comp_Prebuf.size, 1); + comp_Prebuf.data = calloc(comp_Prebuf.size+1, 1); strcpy(comp_Prebuf.data, RTF_PREBUF); src = p->data; Version-Release number of selected component (if applicable): libytnef-1.5-7.fc17
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Red Hat Fedora | =17 | |
| Red Hat Fedora | =16 | |
| TNEF Stream Reader | ||
| =16 | ||
| =17 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.openwall.com/lists/oss-security/2013/04/11/1
- https://bugzilla.redhat.com/show_bug.cgi?id=831322
- https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083804.html
- https://lists.fedoraproject.org/pipermail/package-announce/2012-July/083853.html
- http://sourceforge.net/p/ytnef/bugs/13/
- http://www.securityfocus.com/bid/54484
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=591258&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=591258&action=edit
- http://sourceforge.net/tracker/?func=detail&aid=2949686&group_id=70352&atid=527487
- http://sourceforge.net/tracker/?func=detail&aid=756215&group_id=70352&atid=533948
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=596239&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=596239&action=edit
- https://admin.fedoraproject.org/updates/libytnef-1.5-8.fc17
- https://admin.fedoraproject.org/updates/libytnef-1.5-8.fc16
- https://admin.fedoraproject.org/updates/FEDORA-2012-10250/libytnef-1.5-8.fc17
- http://openwall.com/lists/oss-security/2013/04/11/1
Frequently Asked Questions
What is the severity of CVE-2010-5109?
CVE-2010-5109 is a vulnerability that has been categorized with a medium severity rating due to potential buffer overflows.
How do I fix CVE-2010-5109?
To fix CVE-2010-5109, it is recommended to apply the proposed patch provided in the associated bug report.
Which software is affected by CVE-2010-5109?
CVE-2010-5109 affects Randall Hand's Yerase's Tnef Stream Reader as well as Fedora versions 16 and 17.
What types of vulnerabilities does CVE-2010-5109 involve?
CVE-2010-5109 involves buffer overflow vulnerabilities that could be exploited in certain software.
Is there a public discussion regarding CVE-2010-5109?
Yes, there have been public discussions about CVE-2010-5109 in security mailing lists and bug tracking systems.
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- collector/nvd-historical
- agent/software-canonical-lookup-request
- collector/nvd-index
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/source
- agent/softwarecombine
- agent/event
- agent/tags
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-5109
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/17
- version/red hat fedora/16
- vendor/randall hand
- canonical/tnef stream reader