FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

acroread5 -- mailListIsPdf() buffer overflow vulnerability

Affected packages
acroread < 5.10
acroread4 < 5.10
acroread5 < 5.10


VuXML ID 28e93883-539f-11d9-a9e7-0001020eed82
Discovery 2004-10-14
Entry 2004-12-21
Modified 2005-01-06

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code.

The vulnerability specifically exists in a the function mailListIsPdf(). This function checks if the input file is an email message containing a PDF. It unsafely copies user supplied data using strcat into a fixed sized buffer.


CERT/CC Vulnerability Note 253024
CVE Name CVE-2004-1152