Title: ABC2PS/JCABC2PS Voice Field Buffer Overflow Vulnerability
Severity: HIGH
Description:
abc2ps and jcabc2ps are utilities for converting ABC music notation files into PostScript format. Although they are maintained by different vendors, they share the same code base. These applications are available for UNIX/Linux variants.
abc2ps and jcabc2ps are prone to a buffer overflow vulnerability. This issue is exposed when the program is used to process the voice field in ABC music notation files. Since the ABC files may originate from an external or untrusted source, this issue is considered remote in nature.
The specific vulnerability exists in the switch_voice() function in 'parse.c'. The function copies ABC voice field data into a 201 byte destination buffer without adequately limiting the size of the source data. This could result in memory corruption if more than 201 bytes are copied into the destination buffer.
Successful exploitation will result in execution of arbitrary code in the context of the user running the application.
Affected Products:
- John Chambers jcabc2ps 0.0.020040902
- abc2ps abc2ps 1.2.0
References:
- "D. J. Bernstein" <djb@cr.yp.to>: [remote] [control] jcabc2ps switch_voice() overflows t1 buffer
- John Chambers: jcabc2ps Homepage
- John Chambers <jc@trillian.mit.edu>: Re: [remote] [control] jcabc2ps switch_voice() overflows t1 buffer
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
