Debian Security Advisory
DLA-631-1 unadf -- LTS security update
- Date Reported:
- 21 Sep 2016
- Affected Packages:
- unadf
- Vulnerable:
- Yes
- Security database references:
- In Mitre's CVE dictionary: CVE-2016-1243, CVE-2016-1244.
- More information:
It was discovered that there were two vulnerabilities in unadf, a tool to extract files from an Amiga Disk File dump (.adf):
- CVE-2016-1243
Stack buffer overflow caused by blindly trusting the pathname lengths of archived files.
In the extracTree() function, the stack-allocated buffer sysbuf was filled with sprintf() without any bounds checking, so a crafted .adf containing an over-long path name overwrites the stack.
- CVE-2016-1244
Execution of unsanitized input.
The shell command used for creating directory paths was constructed by concatenating the names of archived files to the end of the command string, so shell metacharacters in a crafted archive's file names were interpreted by the shell when that command was run.
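Both defects come from the same pattern: an archive-controlled name is formatted into a fixed stack buffer and handed to a shell. The following is an added illustration (not unadf's own source, which the advisory does not quote) reconstructing that pattern next to a hardened replacement. The buffer size SYSBUF_LEN, the function names and the sample entry names are assumptions made for the example; the hardened path validates each component against an allow-list, treats snprintf() truncation as an error, and calls mkdir(2) directly so no shell ever sees archive-controlled bytes.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>

/* Illustrative fixed buffer standing in for the original's stack buffer sysbuf
 * (its real size is not stated in the advisory; 200 is an assumption). */
#define SYSBUF_LEN 200

/* VULNERABLE pattern (reconstructed for illustration, not unadf's code):
 * the archived directory name is formatted straight into a fixed stack buffer
 * and the result is meant for system().  Two defects:
 *   1. sprintf() performs no bounds check, so a name longer than the buffer
 *      overwrites the caller's stack frame (the CVE-2016-1243 class of bug);
 *   2. the name becomes part of a shell command line, so shell metacharacters
 *      in it are executed (the CVE-2016-1244 class of bug).
 * Only the returned string is inspected here; it is never passed to system(). */
char *build_mkdir_cmd_unsafe(char *sysbuf, const char *name)
{
    sprintf(sysbuf, "mkdir %s", name);   /* no length limit, no quoting */
    return sysbuf;
}

/* Allow-list check for one path component taken from the archive:
 * non-empty, not "." or "..", no separators, only [A-Za-z0-9._ -]. */
int safe_component(const char *name)
{
    if (name[0] == '\0' || strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;
    for (const unsigned char *p = (const unsigned char *)name; *p; p++) {
        if (*p == '/' || *p == '\\')
            return 0;
        if (!isalnum(*p) && strchr("._ -", *p) == NULL)
            return 0;
    }
    return 1;
}

/* Bounded join: dst = base "/" name.  Returns 0 on success, -1 if the name
 * fails validation or the result would not fit (truncation is an error,
 * never silently accepted). */
int join_path(char *dst, size_t cap, const char *base, const char *name)
{
    if (!safe_component(name))
        return -1;
    int n = snprintf(dst, cap, "%s/%s", base, name);
    if (n < 0 || (size_t)n >= cap)
        return -1;
    return 0;
}

/* Hardened replacement for system("mkdir ..."): validate, bound, then call
 * mkdir(2) directly so no shell ever sees archive-controlled bytes.
 * Returns 0 if the directory exists afterwards, -1 otherwise. */
int make_dir_safe(const char *base, const char *name)
{
    char path[SYSBUF_LEN];
    if (join_path(path, sizeof path, base, name) != 0)
        return -1;
    if (mkdir(path, 0755) != 0 && errno != EEXIST)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample entry names, as an ADF directory listing might supply. */
    const char *entries[] = { "Disk1", "x; id", "../etc" };
    char cmd[SYSBUF_LEN], path[SYSBUF_LEN];

    for (size_t i = 0; i < 3; i++) {
        printf("entry %-8s unsafe cmd: \"%s\"  hardened: %s\n", entries[i],
               build_mkdir_cmd_unsafe(cmd, entries[i]),
               join_path(path, sizeof path, "out", entries[i]) == 0 ? path : "rejected");
    }

    /* A name longer than the buffer: never give it to the unsafe builder
     * (that call is the stack overflow); the bounded join simply rejects it. */
    char longname[SYSBUF_LEN + 100];
    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("long name: %s\n",
           join_path(path, sizeof path, "out", longname) == 0 ? path : "rejected");
    return 0;
}
```

The unsafe builder is kept only to show what string a crafted name produces; with "x; id" the would-be command is "mkdir x; id", which a shell runs as two commands. The hardened version rejects that name, rejects "../etc", and rejects an over-long name instead of truncating it, which is the behaviour an extractor should have regardless of whether the archive format is trusted.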
For Debian 7 "Wheezy", these issues have been fixed in unadf version 0.7.11a-3+deb7u1.
We recommend that you upgrade your unadf packages.