| Severity |
|
| Remote |
|
| Type |
| - |
Unknown |
| + |
Arbitrary code execution |
|
| Description |
| + |
dmg2img does not validate the size of a buffer during memcpy() inside the main() function. This possibly leads to a crash of the dmg2img command with an undefined behavior. It may be possible for an attacker to control the written data. |
|
| References |
| + |
https://bugzilla.redhat.com/show_bug.cgi?id=1959585 |
| + |
https://github.com/Lekensteyn/dmg2img/issues/9 |
| + |
https://github.com/Lekensteyn/dmg2img/files/5010438/heap-overflow-dmg2img-284.zip |
|
| Notes |
|