DSA-3676-1 unadf -- unadf
ID: oval:org.secpod.oval:def:602623 | Date: (C)2016-09-28 (M)2024-03-20 |
Class: PATCH | Family: unix |
Tuomas Räsänen discovered two vulnerabilities in unADF, a tool to extract files from an Amiga Disk File dump:

CVE-2016-1243: A stack buffer overflow in the function extractTree might allow an attacker with control over the content of an ADF file to execute arbitrary code with the privileges of the running program.

CVE-2016-1244: The unADF extractor creates the path in the destination via a mkdir in a system() call. Since the filenames were not sanitized, an attacker can directly inject code in the pathnames of archived directories in an ADF file.
Platform: |
Debian 8.x |
Debian 7.x |
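
The two bug classes described above, handled defensively in an added example (not unADF's code and not the Debian patch): the destination path is built with a length check instead of an unbounded copy into a stack buffer, and the directory is created with mkdir(2) rather than a shell command. The function names, buffer sizes and sample names are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Build "<dest>/<name>" into out. Returns 0 on success, -1 if the
 * archive-supplied name is unsafe or the result would not fit. */
int join_entry_path(char *out, size_t outsz, const char *dest, const char *name)
{
    if (name[0] == '\0' || strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return -1;                  /* no empty or traversal components */
    if (strchr(name, '/') != NULL)
        return -1;                  /* exactly one path component */
    int n = snprintf(out, outsz, "%s/%s", dest, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;                  /* too long for the buffer: refuse, never truncate */
    return 0;
}

/* Create the directory with mkdir(2). No shell parses the name, so
 * characters such as ';' are only bytes of a file name. */
int make_entry_dir(const char *dest, const char *name)
{
    char path[4096];
    if (join_entry_path(path, sizeof path, dest, name) != 0)
        return -1;
    if (mkdir(path, 0755) != 0 && errno != EEXIST)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample names standing in for ADF directory entries. */
    const char *names[] = { "docs", "..", "a/b", "a;b",
                            "a-name-far-too-long-for-the-buffer" };
    char buf[32];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        int ok = join_entry_path(buf, sizeof buf, "out", names[i]) == 0;
        printf("%-36s -> %s\n", names[i], ok ? buf : "rejected");
    }
    return 0;
}
```

A name containing shell metacharacters is accepted here because it is harmless once no shell is involved; it becomes an ordinary directory name.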