Source: libmimedir
Version: 0.5.1-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerability was published for libmimedir.

CVE-2015-3205[0]:
| libmimedir allows remote attackers to execute arbitrary code via a VCF
| file with two NULL bytes at the end of the file, related to "free"
| function calls in the "lexer's memory clean-up procedure."

The issue can be reproduced by creating a specially crafted file with
the PoC in [1]. The original bug report at Red Hat Bugzilla[2] at the
time of writing is not yet open.

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-3205
[1] https://www.exploit-db.com/exploits/37249/
[2] https://bugzilla.redhat.com/show_bug.cgi?id=1222251

Regards,
Salvatore