FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

comms/hylafax -- Malformed fax sender remote code execution in JPEG support

Affected packages
hylafax < 6.0.7

Details

VuXML ID 3df5a920-6edc-11e9-a44b-0050562a4d7b
Discovery 2018-08-24
Entry 2019-05-05

A malicious sender that sets both JPEG and MH,MR,MMR or JBIG in the same DCS signal or sends a large JPEG page could lead to remote code execution.

[source]

References

CVE Name CVE-2018-17141
URL ftp://ftp.hylafax.org/security/CVE-2018-17141.html
URL http://bugs.hylafax.org/show_bug.cgi?id=974
URL http://git.hylafax.org/HylaFAX?a=commit;h=c6cac8d8cd0dbe313689ba77023e12bc5b3027be
URL https://www.x41-dsec.de/lab/advisories/x41-2018-008-hylafax/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.