Описание
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| xfpt | fixed | 1.00-3 | package | |
| xfpt | fixed | 0.11-1+deb12u1 | bookworm | package |
Примечания
https://github.com/PhilipHazel/xfpt/commit/a690304bbd3fd19e9dfdad50dcc87ad829f744e4
EPSS
Связанные уязвимости
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.
xfpt versions prior to 1.01 fails to handle appropriately some parameters inside the input data, resulting in a stack-based buffer overflow vulnerability. When a user of the affected product is tricked to process a specially crafted file, arbitrary code may be executed on the user's environment.
Уязвимость конвертора текста в структуру XML-файла XFPT, связанная с копированием буфера без проверки размера входных данных, позволяющая нарушителю выполнить произвольный код
EPSS