FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

amaya -- Attribute Value Buffer Overflow Vulnerabilities

Affected packages
amaya < 9.5

Details

VuXML ID dc930435-d59f-11da-8098-00123ffe8333
Discovery 2006-04-14
Entry 2006-04-27

Secunia reports:

Amaya have two vulnerabilities, which can be exploited by malicious people to compromise a user's system.

The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user opens a specially crafted HTML document containing certain tags with overly long attribute values.

Successful exploitation allows execution of arbitrary code.

References

CVE Name CVE-2006-1900
URL http://morph3us.org/advisories/20060412-amaya-94-2.txt
URL http://morph3us.org/advisories/20060412-amaya-94.txt
URL http://secunia.com/advisories/19670/