Control: tags -1 + confirmed

On Sat, 2023-04-22 at 22:52 -0300, David da Silva Polverari wrote:
> Package: release.debian.org
> Severity: important
>

As noted (and already fixed) "normal" was the correct choice here.

> A buffer overflow vulnerability exists in Pev 0.81 via the pe_exports
> function from exports.c. The array offsets_to_Names is dynamically
> allocated on the stack using exp->NumberOfFunctions as its size.
> However, the loop uses exp->NumberOfNames to iterate over it and set
> its components value. Therefore, the loop code assumes that
> exp->NumberOfFunctions is greater than ordinal at each iteration.
> This can lead to arbitrary code execution.
>

Please go ahead.

Regards,

Adam
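
The bounds problem described in the quoted report, as an added example that is not part of the original message and is not pev's source. The names export_dir_t, map_export_names, MAX_EXPORTS, ordinals and name_rvas are hypothetical, and the caller is assumed to pass arrays holding NumberOfNames already-validated entries.

```c
#include <stdint.h>
#include <stdlib.h>

/* Constructed stand-in for the export directory fields named in the report. */
typedef struct {
    uint32_t NumberOfFunctions;
    uint32_t NumberOfNames;
} export_dir_t;

#define MAX_EXPORTS 65536u  /* assumed sanity cap on file-controlled counts */

/*
 * Pattern described in the report (sketch, not pev's source):
 *     uint32_t offsets_to_Names[exp->NumberOfFunctions];   // stack VLA
 *     for (i = 0; i < exp->NumberOfNames; i++)
 *         offsets_to_Names[ordinals[i]] = name_rvas[i];    // ordinal unchecked
 *
 * Hardened form: heap allocation with a capped size, and every ordinal
 * checked against the array length before it is used as an index.
 * Returns the table (caller frees) or NULL; *skipped counts rejected entries.
 */
uint32_t *map_export_names(const export_dir_t *exp, const uint16_t *ordinals,
                           const uint32_t *name_rvas, uint32_t *skipped)
{
    *skipped = 0;
    if (exp->NumberOfFunctions == 0 || exp->NumberOfFunctions > MAX_EXPORTS ||
        exp->NumberOfNames > MAX_EXPORTS)
        return NULL;

    uint32_t *offsets_to_Names =
        calloc(exp->NumberOfFunctions, sizeof *offsets_to_Names);
    if (offsets_to_Names == NULL)
        return NULL;

    for (uint32_t i = 0; i < exp->NumberOfNames; i++) {
        uint16_t ordinal = ordinals[i];
        if (ordinal >= exp->NumberOfFunctions) {  /* would index past the array */
            (*skipped)++;
            continue;
        }
        offsets_to_Names[ordinal] = name_rvas[i];
    }
    return offsets_to_Names;
}
```

A non-zero skipped count means the two header counts and the ordinal table disagree, which is a useful signal for flagging the file as malformed.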