GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vulnerability
BID:13195
Info
GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vulnerability
| Bugtraq ID: | 13195 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2005 12:00AM |
| Updated: | Apr 15 2005 12:00AM |
| Credit: | "Overflow.pl" <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
GOCR Optical Character Recognition Utility 0.40 GOCR Optical Character Recognition Utility 0.39 GOCR Optical Character Recognition Utility 0.37 GOCR Optical Character Recognition Utility 0.3.4 GOCR Optical Character Recognition Utility 0.3.2 |
| Not Vulnerable: | |
Discussion
GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vulnerability
A remote, client-side integer overflow vulnerability affects GOCR. This issue is due to a failure of the application to properly validate user-supplied image size values prior to using them to copy image data into static process buffers.
An attacker may exploit this issue to overflow a process buffer and execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
A remote, client-side integer overflow vulnerability affects GOCR. This issue is due to a failure of the application to properly validate user-supplied image size values prior to using them to copy image data into static process buffers.
An attacker may exploit this issue to overflow a process buffer and execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
Exploit / POC
GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vulnerability
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
GOCR ReadPGM NetPBM Remote Client-Side Integer Overflow Vulnerability
References:
References:
- GOCR Home Page (GOCR)
- GOCR - Multiple vulnerabilities ("Overflow.pl"