
unadf: two vulnerabilities

Package(s): unadf
CVE #(s): CVE-2016-1243 CVE-2016-1244
Created: September 21, 2016
Updated: September 26, 2016
Description: From the Debian LTS advisory:

It was discovered that there were two vulnerabilities in unadf, a tool to extract files from an Amiga Disk File dump (.adf):

- CVE-2016-1243: stack buffer overflow caused by blindly trusting pathname lengths of archived files.

Stack allocated buffer sysbuf was filled with sprintf() without any bounds checking in the extractTree() function.

- CVE-2016-1244: execution of unsanitized input

Shell command used for creating directory paths was constructed by concatenating names of archived files to the end of the command string.
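The following is an added example, not part of the advisory and not the unadf or Debian patch: a sketch of how both bug classes described above are avoided, by formatting the path with a bounds-checked snprintf() and creating the directory with mkdir(2) instead of a shell command. The names join_path, make_archive_dir and PATH_BUF, the buffer size and the sample names are assumptions made for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>

#define PATH_BUF 256 /* assumed size; the advisory does not give sysbuf's */

/* Join parent and an archive-supplied name into out.
 * Returns 0 on success, -1 if name is empty or the result would not fit. */
int join_path(char *out, size_t outsz, const char *parent, const char *name)
{
    if (name == NULL || name[0] == '\0')
        return -1;
    int n = snprintf(out, outsz, "%s/%s", parent, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1; /* would truncate: refuse instead of overflowing */
    return 0;
}

/* Create parent/name with mkdir(2), so name is never parsed by a shell.
 * Returns 0 if the directory exists afterwards, -1 otherwise. */
int make_archive_dir(const char *parent, const char *name)
{
    char path[PATH_BUF];
    struct stat st;
    if (join_path(path, sizeof path, parent, name) != 0)
        return -1;
    if (mkdir(path, 0755) != 0 && errno != EEXIST)
        return -1;
    return (stat(path, &st) == 0 && S_ISDIR(st.st_mode)) ? 0 : -1;
}

int main(void)
{
    char base[] = "/tmp/unadf_demo_XXXXXX"; /* constructed scratch dir */
    char longname[600];                     /* constructed oversized name */
    if (mkdtemp(base) == NULL)
        return 1;
    for (size_t i = 0; i < sizeof longname - 1; i++)
        longname[i] = 'A';
    longname[sizeof longname - 1] = '\0';
    printf("normal name:    %d\n", make_archive_dir(base, "Devs"));
    printf("shell chars:    %d\n", make_archive_dir(base, "a;b $(c)"));
    printf("oversized name: %d\n", make_archive_dir(base, longname));
    return 0;
}
```

A name containing shell metacharacters becomes a directory with exactly that name, and an oversized name is rejected before anything is written to the stack buffer.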

Alerts:
Debian DSA-3676-1 unadf 2016-09-24
Debian-LTS DLA-631-1 unadf 2016-09-21
