Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE request: pyfribidi buffer overflow flaw
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Mar 2012 12:03:51 -0600

On 03/14/2012 09:24 AM, Vincent Danen wrote:
Could a CVE be assigned for this issue please?  I don't think it's come
through here yet.

A buffer overflow flaw was reported in pyfribidi's
fribidi_utf8_to_unicode() function, due to it handling at most 3 bytes
for a single unicode character.  If a 4-byte utf-8 sequence was
supplied, it would generate 2 unicode characters which would overflow
the logical buffer.  This has been fixed in pyfribidi 0.11.




Please use CVE-2012-1176 for this issue.

Kurt Seifried Red Hat Security Response Team (SRT)

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]