[Bug 250971] textproc/raptor2 heap overflow
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Mon Nov 9 05:28:48 GMT 2020
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250971
--- Comment #2 from commit-hook at FreeBSD.org ---
A commit references this bug:
Author: tcberner
Date: Mon Nov 9 05:28:06 UTC 2020
New revision: 554670
URL: https://svnweb.freebsd.org/changeset/ports/554670
Log:
Document vulnerability in textproc/raptor2
From [1], [2], [3]:
raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the
XML
writer, leading to heap-based buffer overflows (sometimes seen in
raptor_qname_format_as_xml).
[1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
[2] https://www.debian.org/security/2020/dsa-4785
[3] https://www.openwall.com/lists/oss-security/2017/06/07/1
PR: 250971
Security: CVE-2017-18926
Changes:
head/security/vuxml/vuln.xml
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the kde-freebsd
mailing list