greed -- insecure GRX file processing
A buffer overflow vulnerability has been detected in the greed
URL handling code. This bug can especially be a problem when greed is
used to process GRX (GetRight) files that originate from untrusted
The bug finder, Manigandan Radhakrishnan, gave the following
Here are the bugs. First, in main.c, DownloadLoop() uses strcat()
to copy an input filename to the end of a 128-byte COMMAND array.
Second, DownloadLoop() passes the input filename to system() without
checking for special characters such as semicolons.
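A bounded and validated way to build such a command string, as an added example that is not greed's own code or its actual fix; the `viewer ` prefix, the function names and the return codes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define COMMAND_SIZE 128  /* size of the COMMAND array named in the report */

/* Allow-list check: 1 only if every character is harmless to a shell.
 * Semicolons, spaces, quotes, backticks, '$', '|', '&' are all rejected. */
static int filename_is_safe(const char *name)
{
    static const char allowed[] =
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "0123456789._-/";
    if (name[0] == '\0' || name[0] == '-')  /* empty, or would parse as an option */
        return 0;
    return name[strspn(name, allowed)] == '\0';
}

/* Build "<prefix><filename>" in out without ever writing past outsz.
 * Returns 0 on success, -1 if the filename is rejected, -2 if it does not fit.
 * The unsafe pattern this replaces is strcat(COMMAND, filename). */
int build_command(char *out, size_t outsz, const char *prefix, const char *filename)
{
    int n;
    if (!filename_is_safe(filename))
        return -1;
    n = snprintf(out, outsz, "%s%s", prefix, filename);
    if (n < 0 || (size_t)n >= outsz) {      /* truncation is an error, not a result */
        if (outsz > 0)
            out[0] = '\0';
        return -2;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample inputs; "viewer " is a hypothetical command prefix. */
    const char *samples[] = { "download.zip", "a;b", "name with space" };
    char command[COMMAND_SIZE];
    size_t i;
    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_command(command, sizeof command, "viewer ", samples[i]);
        printf("%-18s rc=%d %s\n", samples[i], rc, rc == 0 ? command : "(rejected)");
    }
    return 0;
}
```

Passing the filename as a separate argv element to `execvp()` instead of calling `system()` removes the shell from the path entirely, so the allow-list becomes a second layer rather than the only one.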
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright