FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-27 18:04:16 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
51358314-bec8-11e5-82cd-bcaec524bf84claws-mail -- no bounds checking on the output buffer in conv_jistoeuc, conv_euctojis, conv_sjistoeuc

DrWhax reports:

So in codeconv.c there is a function for Japanese character set conversion called conv_jistoeuc(). There is no bounds checking on the output buffer, which is created on the stack with alloca() Bug can be triggered by sending an email to TAILS_luser@riseup.net or whatever. Since my C is completely rusty, you might be able to make a better judgment on the severity of this issue. Marking critical for now.


Discovery 2015-11-04
Entry 2016-01-19
claws-mail
< 3.13.2

CVE-2015-8614
https://security-tracker.debian.org/tracker/CVE-2015-8614