FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

acroread5 -- mailListIsPdf() buffer overflow vulnerability

Affected packages
acroread < 5.10
acroread4 < 5.10
acroread5 < 5.10

Details

VuXML ID 28e93883-539f-11d9-a9e7-0001020eed82
Discovery 2004-10-14
Entry 2004-12-21
Modified 2005-01-06

An iDEFENSE Security Advisory reports:

Remote exploitation of a buffer overflow in version 5.09 of Adobe Acrobat Reader for Unix could allow for execution of arbitrary code.

The vulnerability specifically exists in the function mailListIsPdf(). This function checks if the input file is an email message containing a PDF. It unsafely copies user supplied data using strcat into a fixed sized buffer.
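
The bug class the advisory describes, as an added illustration that is not Adobe's code and not part of the advisory: an unbounded strcat() append beside a bounded append that rejects input that does not fit. The buffer size, the function names, the "file:" prefix and the sample inputs are all constructed for this example.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SZ 16 /* constructed size standing in for the fixed-size buffer */

/* Unsafe pattern: strcat() cannot know how large dst is, so a long src
 * is written past the end of the buffer. Shown for contrast only. */
static void append_unsafe(char *dst, const char *src)
{
    strcat(dst, src);
}

/* Hardened form: reject the append when dst plus src plus the NUL would
 * not fit. Returns 0 on success, -1 on rejection; dst is unchanged on
 * rejection, so callers never act on a silently truncated value. */
static int append_bounded(char *dst, size_t dstsz, const char *src)
{
    const char *end = memchr(dst, '\0', dstsz);
    size_t used, need = strlen(src);

    if (end == NULL)           /* dst is not NUL-terminated within dstsz */
        return -1;
    used = (size_t)(end - dst);
    if (need >= dstsz - used)  /* no room for src and its terminator */
        return -1;
    memcpy(dst + used, src, need + 1);
    return 0;
}

/* Hypothetical caller: builds "file:" + field in a BUF_SZ-byte buffer. */
static int try_field(const char *field, char *out)
{
    out[0] = '\0';
    if (append_bounded(out, BUF_SZ, "file:") != 0)
        return -1;
    return append_bounded(out, BUF_SZ, field);
}

int main(void)
{
    char buf[BUF_SZ];
    int rc;
    (void)append_unsafe; /* referenced only to avoid an unused warning */
    rc = try_field("a.pdf", buf);                    /* constructed input */
    printf("%d \"%s\"\n", rc, buf);
    rc = try_field("AAAAAAAAAAAAAAAAAAAA.pdf", buf); /* constructed, too long */
    printf("%d \"%s\"\n", rc, buf);
    return 0;
}
```

Rejecting oversized input outright, rather than truncating it, keeps a later consumer from acting on a partial value.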

References

CERT/CC Vulnerability Note 253024
CVE Name CVE-2004-1152
URL http://www.adobe.com/support/techdocs/331153.html
URL http://www.idefense.com/application/poi/display?id=161&type=vulnerabilities