CVE-2018-17141

Related Files

Debian Security Advisory 4298-1

Posted Sep 21, 2018

Authored by Debian | Site debian.org

Debian Linux Security Advisory 4298-1 - Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message.

tags | advisory, arbitrary

systems | linux, debian

advisories | CVE-2018-17141

SHA-256 | faff4fa4c9124b9310a906f7a8a59cc8161b5eca6907b1f1a74cfc0bc60dc589

Download | Favorite | View

HylaFAX 6.0.6 / 5.6.0 Uninitialized Pointer / Out Of Bounds Write

Posted Sep 20, 2018

Authored by Markus Vervier, Eric Sesterhenn, Luis Merino

Multiple bugs were found in the code handling fax page reception in JPEG format that allow arbitrary writes to an uninitialized pointer by remote parties dialing in. When processing an specially crafted input, the issue could lead to remote code execution. HylaFAX versions 6.0.6 and 5.6.0 are affected.

tags | advisory, remote, arbitrary, code execution

advisories | CVE-2018-17141

SHA-256 | a6ae5d3d4dedcc85875a8b486ef5cb3f062250e0ddef95b52ca59a9b77f9c066

Download | Favorite | View