Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Wed, 15 Oct 2008 14:34:45 -0400 (EDT)
From: "Steven M. Christey" <>
To:, Jamie Strandboge <>
Subject: Re: CVE request: jhead

Here's the current writeup for CVE-2008-4575.

Jamie and John - don't feel forced to publish more specific details, just
knowing the bug types (and whether upstream fixed *all* the overflows in
2.84, or just some) is enough.

- Steve

Name: CVE-2008-4575
Status: Candidate
Reference: MLIST:[oss-security] 20081015 Re: CVE request: jhead
Reference: URL:
Reference: CONFIRM:
Reference: CONFIRM:

Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service (crash)
via (1) a long -cmd argument and (2) possibly other unspecified

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.