FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

amaya -- multiple buffer overflow vulnerabilities

Affected packages
0 < amaya

Details

VuXML ID a89b76a7-f6bd-11dd-94d9-0030843d3802
Discovery 2008-11-25
Entry 2009-02-09

Secunia reports:

A boundary error when processing "div" HTML tags can be exploited to cause a stack-based buffer overflow via an overly long "id" parameter.

A boundary error exists when processing overly long links. This can be exploited to cause a stack-based buffer overflow by tricking the user into e.g. editing a malicious link.

A boundary error when processing e.g. a "bdo" HTML tag having an overly long "dir" attribute can be exploited to cause a stack-based buffer overflow.

A boundary error when processing "input" HTML tags can be exploited to cause a stack-based buffer overflow via an overly long e.g. "type" attribute.

References

CVE Name CVE-2008-5282
CVE Name CVE-2009-0323
URL http://milw0rm.com/exploits/7467
URL http://secunia.com/advisories/32848/
URL http://www.bmgsec.com.au/advisory/40/
URL http://www.bmgsec.com.au/advisory/41/
URL http://www.coresecurity.com/content/amaya-buffer-overflows