Project

General

Profile

Bug #9457

Bug #9455: hylafax: JPEG support code execution (CVE-2018-17141)

[3.8] hylafax: JPEG support code execution (CVE-2018-17141)

Added by Alicha CH 7 months ago. Updated 6 months ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Security
Target version:
Start date:
09/24/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote attackers to execute arbitrary code via a dial-in session that provides a FAX page
with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

References:

https://www.openwall.com/lists/oss-security/2018/09/20/1
https://nvd.nist.gov/vuln/detail/CVE-2018-17141

Patch:

http://git.hylafax.org/HylaFAX?a=commit;h=82fa7bdbffc253de4d3e80a87d47fdbf68eabe36

Associated revisions

Revision 42946288 (diff)
Added by Leonardo Arena 6 months ago

main/hylafax: security fix (CVE-2018-17141)

Fixes #9457

History

#1 Updated by Anonymous 6 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#2 Updated by Alicha CH 6 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-17141)

Also available in: Atom PDF