LWN.net Logo

acroread: UUDecode filename buffer overflow

Package(s): acroread
CVE #(s):
Created: August 16, 2004
Updated: August 17, 2004
Description: acroread contains two errors in the handling of UUEncoded filenames. First, it fails to check the length of a filename before copying it into a fixed-size buffer. Second, it fails to check for the backtick shell metacharacter in the filename before executing a command with a shell. By enticing a user to open a PDF with a specially crafted filename, an attacker could execute arbitrary code or programs with the permissions of the user running acroread.
Alerts:
Gentoo 200408-14 2004-08-15
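
The two missing checks named in the description, written out as an added example (this is not acroread's code): a parser for the standard uuencode header line `begin <mode> <name>` that checks the name's length before copying it and accepts only allowlisted characters. The function name `parse_uu_begin`, the 64-byte buffer size and the allowlist are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define UU_NAME_BUF 64   /* assumed size of the fixed destination buffer */

/* Parse "begin <octal mode> <name>". Returns 0 and fills out[] on success;
 * -1 if the header is malformed, the name would not fit in out[], or the
 * name contains anything outside [A-Za-z0-9._-] (so no backtick, '$',
 * ';', '/', whitespace or other shell-significant character). */
int parse_uu_begin(const char *line, char *out, size_t outsz)
{
    if (outsz == 0) return -1;
    out[0] = '\0';
    if (strncmp(line, "begin ", 6) != 0) return -1;

    const char *p = line + 6;
    size_t digits = 0;
    while (*p >= '0' && *p <= '7') { p++; digits++; }
    if (digits < 3 || digits > 4 || *p != ' ') return -1;
    p++;

    size_t len = strcspn(p, "\r\n");
    if (len == 0 || len >= outsz) return -1;       /* check 1: length before copy */
    if (p[0] == '.' || p[0] == '-') return -1;     /* no hidden or option-like names */
    for (size_t i = 0; i < len; i++) {             /* check 2: character allowlist */
        unsigned char c = (unsigned char)p[i];
        if (!(isalnum(c) || c == '.' || c == '_' || c == '-')) return -1;
    }
    memcpy(out, p, len);
    out[len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample header lines, not taken from a real file. */
    const char *samples[] = { "begin 644 report.pdf\n", "begin 644 a`id`.pdf\n" };
    char name[UU_NAME_BUF];
    for (size_t i = 0; i < 2; i++) {
        int rc = parse_uu_begin(samples[i], name, sizeof name);
        printf("%s -> %s\n", rc == 0 ? "accepted" : "rejected", rc == 0 ? name : "(none)");
    }
    return 0;
}
```

Even with a validated name, passing it as a separate argument to an exec-style call rather than building a shell command string removes the metacharacter problem at its source.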
