[Bug 250971] textproc/raptor2 heap overflow

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Nov 9 05:28:48 GMT 2020


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=250971

--- Comment #2 from commit-hook at FreeBSD.org ---
A commit references this bug:

Author: tcberner
Date: Mon Nov  9 05:28:06 UTC 2020
New revision: 554670
URL: https://svnweb.freebsd.org/changeset/ports/554670

Log:
  Document vulnerability in textproc/raptor2

  From [1], [2], [3]:
  raptor_xml_writer_start_element_common in raptor_xml_writer.c in Raptor RDF
  Syntax Library 2.0.15 miscalculates the maximum nspace declarations for the
XML
  writer, leading to heap-based buffer overflows (sometimes seen in
  raptor_qname_format_as_xml).

  [1] https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18926
  [2] https://www.debian.org/security/2020/dsa-4785
  [3] https://www.openwall.com/lists/oss-security/2017/06/07/1

  PR:           250971
  Security:     CVE-2017-18926

Changes:
  head/security/vuxml/vuln.xml

-- 
You are receiving this mail because:
You are the assignee for the bug.


More information about the kde-freebsd mailing list