FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc

Affected packages
claws-mail < 3.13.2

Details

VuXML ID 51358314-bec8-11e5-82cd-bcaec524bf84
Discovery 2015-11-04
Entry 2016-01-19

DrWhax reports:

So in codeconv.c there is a function for Japanese character set conversion called conv_jistoeuc(). There is no bounds checking on the output buffer, which is created on the stack with alloca() Bug can be triggered by sending an email to TAILS_luser@riseup.net or whatever. Since my C is completely rusty, you might be able to make a better judgment on the severity of this issue. Marking critical for now.

References

CVE Name CVE-2015-8614
URL https://security-tracker.debian.org/tracker/CVE-2015-8614