[Full-disclosure] mutt buffer overflow
Frank Denis (Jedi/Sector One)
j at pureftpd.org
Thu Aug 18 11:40:45 BST 2005
On Thu, Aug 18, 2005 at 02:57:33AM -0600, Peter Valchev wrote:
>The problem is in the mutt attachment/encoding/decoding functions,
>specifically handler.c:mutt_decode_xbit() and the buffer
Can you reproduce this if you recompile libiconv/gettext/mutt?
I reported that bug on Jul 12, but in fact it only happened with
libiconv/gettext compiled against an OpenBSD libc before the mb*() changes,
but then running libc 38.2.
An easier way to trigger this is ftp://ftp.00f.net/misc/mutt-crash-poc.mbox
But the mutt's code doesn't actually look wrong.
Full-Disclosure is hosted and sponsored by Secunia.