GOCR ReadPGM Remote Client-Side Buffer Overflow Vulnerability
BID:13197
Info
| Bugtraq ID: | 13197 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 15 2005 12:00AM |
| Updated: | Apr 15 2005 12:00AM |
| Credit: | "Overflow.pl" <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: | GOCR Optical Character Recognition Utility 0.40; GOCR Optical Character Recognition Utility 0.39; GOCR Optical Character Recognition Utility 0.37; GOCR Optical Character Recognition Utility 0.3.4; GOCR Optical Character Recognition Utility 0.3.2 |
| Not Vulnerable: | |
Discussion
A remote, client-side buffer overflow vulnerability affects GOCR. This issue is due to a failure of the application to properly validate user-supplied string sizes prior to using them to copy image data into static process buffers.
An attacker may exploit this issue to overflow a process buffer and execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
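The missing check described above, shown as an added example (not GOCR's code and not part of the original advisory): a binary PGM (P5) loader that validates the header's declared dimensions against both a fixed buffer and the bytes actually present before copying. The names `PIX_MAX`, `read_field` and `load_pgm`, the 4096-byte buffer and the sample images are assumptions made for illustration; header comment lines are not handled.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define PIX_MAX 4096                      /* assumed size of the fixed buffer */
static unsigned char pixels[PIX_MAX];

/* Constructed samples: a valid 2x2 image, and a header claiming 100x100. */
static const unsigned char good_pgm[] = "P5\n2 2\n255\nABCD";
static const unsigned char huge_pgm[] = "P5\n100 100\n255\nABCD";
static int is_ws(unsigned char c) { return c == ' ' || c == '\t' || c == '\n' || c == '\r'; }

/* Read one decimal header field; fail as soon as it exceeds `limit`. */
static int read_field(const unsigned char *p, size_t n, size_t *pos,
                      unsigned long limit, unsigned long *out)
{
    unsigned long v = 0;
    int digits = 0;
    while (*pos < n && is_ws(p[*pos])) (*pos)++;
    for (; *pos < n && p[*pos] >= '0' && p[*pos] <= '9'; (*pos)++, digits++) {
        v = v * 10 + (unsigned long)(p[*pos] - '0');
        if (v > limit) return -1;         /* reject before the value can wrap */
    }
    *out = v;
    return digits ? 0 : -1;
}

/* Returns the number of pixels copied into pixels[], or -1 if rejected. */
long load_pgm(const unsigned char *buf, size_t len)
{
    unsigned long w, h, maxval;
    size_t pos = 2;
    if (len < 3 || buf[0] != 'P' || buf[1] != '5') return -1;
    if (read_field(buf, len, &pos, PIX_MAX, &w) || w == 0) return -1;
    if (read_field(buf, len, &pos, PIX_MAX, &h) || h == 0) return -1;
    if (read_field(buf, len, &pos, 255, &maxval) || maxval == 0) return -1;
    if (pos >= len || !is_ws(buf[pos++])) return -1;  /* one separator byte */
    if (w > PIX_MAX / h) return -1;       /* w*h must fit the fixed buffer */
    if (w * h > len - pos) return -1;     /* and must not exceed the data present */
    memcpy(pixels, buf + pos, w * h);
    return (long)(w * h);
}

int main(void)
{
    printf("valid 2x2:   %ld\n", load_pgm(good_pgm, sizeof good_pgm - 1));
    printf("100x100 hdr: %ld\n", load_pgm(huge_pgm, sizeof huge_pgm - 1));
    return 0;
}
```

The division-based comparison `w > PIX_MAX / h` avoids computing `w * h` until the product is known to fit, so the size check itself cannot overflow.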
Exploit / POC
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- GOCR Home Page (GOCR)
- GOCR - Multiple vulnerabilities ("Overflow.pl")