mailing list archives
CVE request: pyfribidi buffer overflow flaw
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 14 Mar 2012 09:24:47 -0600
Could a CVE be assigned for this issue please? I don't think it's come
through here yet.
A buffer overflow flaw was reported in pyfribidi's
fribidi_utf8_to_unicode() function, due to it handling at most 3 bytes
for a single unicode character. If a 4-byte utf-8 sequence was
supplied, it would generate 2 unicode characters which would overflow
the logical buffer. This has been fixed in pyfribidi 0.11.
Vincent Danen / Red Hat Security Response Team
- CVE request: pyfribidi buffer overflow flaw Vincent Danen (Mar 14)