FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gcab -- stack overflow

Affected packages
gcab < 0.8

Details

VuXML ID: 2cceb80e-c482-4cfd-81b3-2088d2c0ad53
Discovery: 2018-01-23
Entry: 2018-01-27

Upstream reports:

A stack-based buffer overflow within GNOME gcab through 0.7.4 can be exploited by malicious attackers to cause a crash or, potentially, execute arbitrary code via a crafted .cab file.

References

CVE Name: CVE-2018-5345
URL: https://mail.gnome.org/archives/ftp-release-list/2018-January/msg00066.html
URL: https://nvd.nist.gov/vuln/detail/CVE-2018-5345