CVE-2016-7045

Source
Severity High
Remote Yes
Type Arbitrary code execution
Description
The format_send_to_gui() function does not validate the length of the string before incrementing the `ptr' pointer in all cases.
If that happens, the pointer `ptr' can be incremented twice and thus end past the boundaries of the original `dup' buffer.
Remote code execution might be difficult since only Nuls are written.
Group Package Affected Fixed Severity Status Ticket
AVG-27 irssi 0.8.19-2 0.8.20-1 High Fixed
Date Advisory Group Package Severity Description
22 Sep 2016 ASA-201609-20 AVG-27 irssi High arbitrary code execution
References
https://irssi.org/security/irssi_sa_2016.txt