CVE-2010-3441Classic Buffer Overflow in Abcm2ps

CWE-120Classic Buffer OverflowCWE-787Out-of-bounds Write16 documents5 sources
Severity
10.0CRITICALNVD
NVD7.5NVD6.8OSV7.5
EPSS
5.8%
top 9.46%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Abcm2ps Project Abcm2psMoinejf Abcm2psDebian Abcm2ps+1 more
Timeline
PublishedFeb 18
Latest updateMay 13

Description

Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers to execute arbitrary code via (1) a crafted input file, related to the PUT0 and PUT1 output macros; (2) a crafted input file, related to the trim_title function; and possibly (3) a long -O option on a command line.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/abcm2ps< abcm2ps 5.9.13-0.1 (bookworm)+1
NVDmoinejf/abcm2ps< 5.9.13+1
Debianabcm2ps_project/abcm2ps< 5.9.22-1+7

Also affects: Fedora 13, 14

Patches

Patch: www.openwall.comPatch: www.openwall.comPatch: www.openwall.com

🔴Vulnerability Details

6
GHSA
GHSA-hh8f-g344-97jg: Heap-based buffer overflow in the getarena function in abc2ps2022-05-13
GHSA
GHSA-w472-23r7-6hhp: Multiple buffer overflows in abcm2ps before 52022-05-13
GHSA
GHSA-vp3v-x3r7-4vw2: Multiple unspecified vulnerabilities in abcm2ps before 52022-05-13
OSV
CVE-2010-4743: Heap-based buffer overflow in the getarena function in abc2ps2011-02-18
OSV
CVE-2010-3441: Multiple buffer overflows in abcm2ps before 52011-02-18

📋Vendor Advisories

3
Debian
CVE-2010-3441: abcm2ps - Multiple buffer overflows in abcm2ps before 5.9.12 might allow remote attackers ...2010
Debian
CVE-2010-4744: abcm2ps - Multiple unspecified vulnerabilities in abcm2ps before 5.9.13 have unknown impac...2010
Debian
CVE-2010-4743: abcm2ps - Heap-based buffer overflow in the getarena function in abc2ps.c in abcm2ps befor...2010

💬Community

4
Bugzilla
CVE-2010-3441 abcm2ps various flaws [fedora-all]2010-12-16
Bugzilla
CVE-2010-2053 emesene: symlink vulnerability allows overwriting arbitrary files2010-06-07
Bugzilla
CVE-2010-4743 CVE-2010-4744 Abcm2ps v5.9.13: Multiple security vulnerabilities2010-06-05
Bugzilla
CVE-2010-3441 Abcm2ps v5.9.12: Multiple unspecified security vulnerabilities2010-04-08