OSVDB ID: 19253 Title: HOCR -i Parameter Local Overflow |
Info |
|
|
Dates |
||||
|
|
Description |
A local overflow exists in HOCR. The library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long string to the -i parameter, a malicious user can cause arbitrary code execution resulting in a loss of integrity. |
Classification |
Location:
Local Access Required
Attack Type: Input Manipulation Impact: Loss of Integrity Exploit: Exploit Available Disclosure: OSVDB Verified |
Solution |
Upgrade to version 0.4.5a or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. |
Products |
|
References |
|
Credit |
|
beyondsecurity.com -