1
0
mirror of https://git.FreeBSD.org/ports.git synced 2024-12-30 05:40:06 +00:00

- Document heap overflow in the KML engine in google-earth

Reviewed by:	secteam (simon)
Approved by:	portmgr (implicit)
This commit is contained in:
Andrew Pantyukhin 2006-10-14 12:32:43 +00:00
parent 6426407259
commit 2e6d88f123
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=175297

View File

@ -34,6 +34,34 @@ Note: Please add new entries to the beginning of this file.
--> -->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
<vuln vid="5c9a2769-5ade-11db-a5ae-00508d6a62df">
<topic>google-earth -- heap overflow in the KML engine</topic>
<affects>
<package>
<name>google-earth</name>
<range><ge>0</ge></range>
</package>
</affects>
<description>
<body xmlns="http://www.w3.org/1999/xhtml">
<p>JAAScois reports:</p>
<p>While processing KML/KMZ data Google Earth fails to verify
its size prior to copying it into a fixed-sized buffer.
This can be exploited as a buffer-overflow vulnerability to
cause the application to crash and/or to execute arbitrary
code.</p>
</body>
</description>
<references>
<bid>20464</bid>
<url>http://www.jaascois.com/exploits/18602024/</url>
</references>
<dates>
<discovery>2006-10-10</discovery>
<entry>2006-10-14</entry>
</dates>
</vuln>
<vuln vid="72f21372-55e4-11db-a5ae-00508d6a62df"> <vuln vid="72f21372-55e4-11db-a5ae-00508d6a62df">
<topic>torrentflux -- User-Agent XSS Vulnerability</topic> <topic>torrentflux -- User-Agent XSS Vulnerability</topic>
<affects> <affects>