AVG-515

Package procmail
Status Fixed
Severity Critical
Type arbitrary code execution
Affected 3.22-7
Fixed 3.22-9
Current 3.22-9 [extra]
Ticket None
Created Tue Nov 21 14:38:46 2017
Issue Severity Remote Type Description
CVE-2017-16844 Critical Yes Arbitrary code execution
A heap-based buffer overflow flaw was found in the loadbuf function in formisc.c in the formail utility in procmail <= 3.22 because of a hardcoded realloc...
Date Advisory Package Description
30 Nov 2017 ASA-201711-39 procmail arbitrary code execution
References
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876511