CVE-2018-10753: Buffer Overflow
First published: Sat May 05 2018(Updated: )
Stack-based buffer overflow in the delayed_output function in music.c in abcm2ps through 8.13.20 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| moinejf abcm2ps | <=8.13.20 | |
| Debian Debian Linux | =9.0 | |
| Fedoraproject Fedora | =30 | |
| Fedoraproject Fedora | =31 | |
| Fedoraproject Fedora | =32 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://drive.google.com/drive/u/2/folders/1DvBEh5D-eW4UkvX3947UQh62i7hUIFN1
- https://github.com/leesavide/abcm2ps/issues/16
- https://lists.debian.org/debian-lts-announce/2022/04/msg00015.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IGDXW2I3MY3QH4PJXLJET5QZZXMXTNWO/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LSTB65NYYCKU7O6RF5B6CYY5IA6CA66Y/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/W6DUTXB4EC3TQHTTAAIBKJ54GJTF6Y7V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/LSTB65NYYCKU7O6RF5B6CYY5IA6CA66Y/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/W6DUTXB4EC3TQHTTAAIBKJ54GJTF6Y7V/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IGDXW2I3MY3QH4PJXLJET5QZZXMXTNWO/
Frequently Asked Questions
What is the severity of CVE-2018-10753?
The severity of CVE-2018-10753 is rated as critical with a CVSS score of 9.8.
How can I mitigate the vulnerability in CVE-2018-10753?
To mitigate the vulnerability in CVE-2018-10753, consider updating to a version of abcm2ps that is not affected by the stack-based buffer overflow.
Is there a fix available for CVE-2018-10753?
Yes, updating abcm2ps to a version beyond 8.13.20 can help fix the stack-based buffer overflow vulnerability in CVE-2018-10753.
What is the CWE associated with CVE-2018-10753?
The Common Weakness Enumeration (CWE) associated with CVE-2018-10753 includes CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) and CWE-787 (Out-of-bounds Write).
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- agent/description
- agent/first-publish-date
- agent/event
- vendor/moinejf
- canonical/moinejf abcm2ps
- version/moinejf abcm2ps/8.13.20
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/9.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/30
- version/fedoraproject fedora/31
- version/fedoraproject fedora/32