FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

yamt -- buffer overflow and directory traversal issues

Affected packages
yamt < 0.5_2

Details

VuXML ID 99b5cfa5-d3d2-11d9-8ffb-00061bc2ad93
Discovery 2005-01-20
Entry 2005-06-03

Stanislav Brabec discovered errors in yamt's path name handling that lead to buffer overflows and directory traversal issues. When processing a file with a maliciously crafted ID3 tag, yamt might overwrite arbitrary files or possibly execute arbitrary code.

The SuSE package ChangeLog contains:

References

CVE Name CVE-2005-1846
CVE Name CVE-2005-1847
URL ftp://ftp.suse.com/pub/suse/i386/update/8.2/rpm/src/yamt-0.5-1277.src.rpm
URL http://rpmfind.net/linux/RPM/suse/updates/8.2/i386/rpm/i586/yamt-0.5-1277.i586.html

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.