Bug #9455

hylafax: JPEG support code execution (CVE-2018-17141)

Added by Alicha CH 8 months ago. Updated 7 months ago.

Status: Closed
Priority: Normal
Assignee: -
Category: Security
Target version: -
Start date: 09/24/2018
Due date:
% Done: 100%
Estimated time: (Total: 0.00 h)
Affected versions:
Security IDs:

Description

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

References:

https://www.openwall.com/lists/oss-security/2018/09/20/1
https://nvd.nist.gov/vuln/detail/CVE-2018-17141

Patch:

http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36


Subtasks

Bug #9456: [3.9] hylafax: JPEG support code execution (CVE-2018-17141) - Closed

Bug #9457: [3.8] hylafax: JPEG support code execution (CVE-2018-17141) - Closed

Bug #9458: [3.7] hylafax: JPEG support code execution (CVE-2018-17141) - Closed

Bug #9459: [3.6] hylafax: JPEG support code execution (CVE-2018-17141) - Closed

Bug #9460: [3.5] hylafax: JPEG support code execution (CVE-2018-17141) - Closed

History

#1 Updated by Leonardo Arena 7 months ago

  • Status changed from New to Resolved

#2 Updated by Alicha CH 7 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-17141)
