mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-30 05:40:06 +00:00
- Document heap overflow in the KML engine in google-earth
Reviewed by: secteam (simon) Approved by: portmgr (implicit)
This commit is contained in:
parent
6426407259
commit
2e6d88f123
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=175297
@ -34,6 +34,34 @@ Note: Please add new entries to the beginning of this file.
|
|||||||
|
|
||||||
-->
|
-->
|
||||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||||
|
<vuln vid="5c9a2769-5ade-11db-a5ae-00508d6a62df">
|
||||||
|
<topic>google-earth -- heap overflow in the KML engine</topic>
|
||||||
|
<affects>
|
||||||
|
<package>
|
||||||
|
<name>google-earth</name>
|
||||||
|
<range><ge>0</ge></range>
|
||||||
|
</package>
|
||||||
|
</affects>
|
||||||
|
<description>
|
||||||
|
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||||
|
<p>JAAScois reports:</p>
|
||||||
|
<p>While processing KML/KMZ data Google Earth fails to verify
|
||||||
|
its size prior to copying it into a fixed-sized buffer.
|
||||||
|
This can be exploited as a buffer-overflow vulnerability to
|
||||||
|
cause the application to crash and/or to execute arbitrary
|
||||||
|
code.</p>
|
||||||
|
</body>
|
||||||
|
</description>
|
||||||
|
<references>
|
||||||
|
<bid>20464</bid>
|
||||||
|
<url>http://www.jaascois.com/exploits/18602024/</url>
|
||||||
|
</references>
|
||||||
|
<dates>
|
||||||
|
<discovery>2006-10-10</discovery>
|
||||||
|
<entry>2006-10-14</entry>
|
||||||
|
</dates>
|
||||||
|
</vuln>
|
||||||
|
|
||||||
<vuln vid="72f21372-55e4-11db-a5ae-00508d6a62df">
|
<vuln vid="72f21372-55e4-11db-a5ae-00508d6a62df">
|
||||||
<topic>torrentflux -- User-Agent XSS Vulnerability</topic>
|
<topic>torrentflux -- User-Agent XSS Vulnerability</topic>
|
||||||
<affects>
|
<affects>
|
||||||
|
Loading…
Reference in New Issue
Block a user