oss-sec mailing list archives

Re: CVE id request: compface


From: "Steven M. Christey" <coley () linus mitre org>
Date: Wed, 1 Jul 2009 08:01:51 -0400 (EDT)


======================================================
Name: CVE-2009-2286
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2286
Reference: MLIST:[oss-security] 20090629 CVE id request: compface
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/29/2
Reference: MLIST:[oss-security] 20090629 Re: CVE id request: compface
Reference: URL:http://www.openwall.com/lists/oss-security/2009/06/29/4
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=534973

Buffer overflow in compface 1.5.2 and earlier allows user-assisted
attackers to cause a denial of service (crash) via a long declaration
in a .xbm file.



Current thread: