| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
The unformat_24bit_color() function is called by format_send_to_gui() to decode 24bit color codes into their components. The pointer is advanced unconditionally without checking if a complete code was supplied. Thus, after the return of unformat_24bit_color(), ptr might be invalid and point out of the buffer. |
|
| References |
| + |
https://irssi.org/security/irssi_sa_2016.txt |
|
| Notes |
| + |
Required irssi to build with true-color support via --enable-true-color. |
|