CVE-2010-5109: Buffer Overflow

First published: Tue Jun 12 2012(Updated: )

Created <span class="bz_obsolete"><a href="attachment.cgi?id=591258&amp;action=diff" name="attach_591258" title="proposed patch to fix possible buffer overflows.">attachment 591258</a> <a href="attachment.cgi?id=591258&amp;action=edit" title="proposed patch to fix possible buffer overflows.">[details]</a></span> proposed patch to fix possible buffer overflows. Description of problem: compiler warning: call ... will always overflow destination buffer. indeed, there is a trivial bug in the code, no space is reserved for trailing \0. patch to fix: --- libytnef-1.5/ytnef.c 2004-08-26 17:09:05.000000000 +0000 +++ libytnef-1.5/ytnef.c 2012-06-08 19:34:07.826123387 +0000 @@ -1327,7 +1327,7 @@ ULONG compressedSize, uncompressedSize, magic, crc32; comp_Prebuf.size = strlen(RTF_PREBUF); - comp_Prebuf.data = calloc(comp_Prebuf.size, 1); + comp_Prebuf.data = calloc(comp_Prebuf.size+1, 1); strcpy(comp_Prebuf.data, RTF_PREBUF); src = p-&gt;data; Version-Release number of selected component (if applicable): libytnef-1.5-7.fc17

Credit: secalert@redhat.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/redhat-bugzilla
• alias/CVE-2010-5109
• agent/references
• agent/type
• agent/last-modified-date
• agent/softwarecombine
• agent/first-publish-date
• agent/tags
• agent/event
• agent/severity
• agent/weakness
• agent/author
• agent/description
• collector/nvd-index
• agent/software-canonical-lookup-request
• collector/nvd-historical
• vendor/randall hand
• canonical/randall hand yerase\'s tnef stream reader
• vendor/fedoraproject
• canonical/fedora
• version/fedora/16
• version/fedora/17