OpenBSD VuXML: Documenting security issues in the OpenBSD Ports & Packages Collection

acroread -- mailListIsPdf() buffer overflow vulnerability

Affected packages
acroread < 5.010

Details

VuXML ID 477ae7a2-545c-11d9-b950-00065bd5b0b6
Discovery 2004-10-14
Entry 2004-12-22

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code.

The vulnerability specifically exists in the function mailListIsPdf(). This function checks if the input file is an email message containing a PDF. It unsafely copies user supplied data using strcat into a fixed sized buffer.
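The bug class the advisory describes, shown as an added example that is not Adobe's code or part of the advisory: an unchecked strcat() append beside a bounded append that rejects input that does not fit. The buffer size, the "/tmp/" prefix and the function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PATH_BUF_SIZE 64   /* assumed size; the advisory does not state the real one */

/* Unsafe pattern: strcat() has no idea how much room is left in dst,
 * so a long src writes past the end of the fixed-size buffer. */
void append_unchecked(char *dst, const char *src)
{
    strcat(dst, src);
}

/* Bounded append: returns 0 on success, -1 if dst is not NUL-terminated
 * within dst_size or if src (plus its terminator) would not fit.
 * On failure dst is left unchanged, so the caller can reject the input. */
int append_bounded(char *dst, size_t dst_size, const char *src)
{
    size_t used = 0;
    while (used < dst_size && dst[used] != '\0')
        used++;
    if (used == dst_size)
        return -1;                       /* no terminator found in bounds */

    size_t src_len = strlen(src);
    if (src_len >= dst_size - used)
        return -1;                       /* would overflow: refuse, do not truncate */

    memcpy(dst + used, src, src_len + 1);  /* copies the terminator as well */
    return 0;
}

/* Hypothetical caller: joins a fixed prefix and an untrusted name taken from input. */
int build_path(char *out, size_t out_size, const char *untrusted_name)
{
    if (out_size == 0)
        return -1;
    out[0] = '\0';
    if (append_bounded(out, out_size, "/tmp/") != 0)
        return -1;
    return append_bounded(out, out_size, untrusted_name);
}

int main(void)
{
    char buf[PATH_BUF_SIZE];
    /* Constructed sample input: a short name is accepted. */
    return build_path(buf, sizeof buf, "report.pdf") == 0 ? 0 : 1;
}
```

Rejecting the oversized input outright, rather than silently truncating it, keeps the failure visible to the caller.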

References

CVE Name CAN-2004-1152
URL http://www.adobe.com/support/techdocs/331153.html
URL http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities