Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200501-20] o3read: Buffer overflow during file conversion Vulnerability Scan
Vulnerability Scan Summary
o3read: Buffer overflow during file conversion
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200501-20
(o3read: Buffer overflow during file conversion)
Wiktor Kopec discovered that the parse_html function in o3read.c
copies any number of bytes into a 1024-byte t array.
Using a specially crafted file, possibly delivered by e-mail or
over the Web, a possible hacker may execute arbitrary code with the
permissions of the user running o3read.
There is no known workaround at this time.
All o3read users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-text/o3read-0.0.4"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.