Package: scrot Version: 0.8-7 Severity: normal Steps to reproduce: 1) scrot foo`perl -e 'print "\\$w" x 3900;'`.png
Expected results: 1) scrot should either take a screenshot to a file or fail to create the file because filename is too long. Actual results: 1) scrot segfaults, apparently because it uses strcat() without checking for buffer overflows. I'm not sure but I think this can be used to execute arbitrary code. -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.4.29sauna Locale: LANG=C, LC_CTYPE=fi_FI (charmap=ISO-8859-1) Versions of packages scrot depends on: ii giblib1 1.2.4-2 wrapper library for imlib2, and ot ii libc6 2.3.6-2 GNU C Library: Shared libraries an ii libfreetype6 2.1.10-1 FreeType 2 font engine, shared lib ii libimlib2 1.2.1-2 powerful image loading and renderi ii libx11-6 6.9.0.dfsg.1-4 X Window System protocol client li ii libxext6 6.9.0.dfsg.1-4 X Window System miscellaneous exte ii zlib1g 1:1.2.3-9 compression library - runtime scrot recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
