The pop_msg function in qpopper 4.0.x prior to 4.0.5fc2 does not null-terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in an mdef command with a long macro name.
Vulnerable Product |
---|
qualcomm qpopper 4.0.4 |
qualcomm qpopper 4.0.2 |
qualcomm qpopper 4.0.3 |
qualcomm qpopper 4.0.1 |
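
The bug class described above, as an added example that is not qpopper's code: a bounded formatter that leaves the buffer unterminated on truncation, next to a wrapper that reserves the last byte and always terminates. `trunc_vsnprintf`, the 32-byte buffers and the `"macro %s"` format are constructed for illustration and only model the behaviour the description attributes to the Qvsnprintf call.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a formatter that writes at most n bytes and
   leaves no terminator when the text is truncated. Not Qvsnprintf itself. */
static int trunc_vsnprintf(char *dst, size_t n, const char *fmt, va_list ap)
{
    char full[512];
    int len = vsnprintf(full, sizeof full, fmt, ap);
    if (len < 0) return -1;
    if ((size_t)len >= sizeof full) len = (int)sizeof full - 1;
    if ((size_t)len >= n) { memcpy(dst, full, n); return -1; } /* no NUL */
    memcpy(dst, full, (size_t)len + 1);    /* fits: text plus its NUL */
    return len;
}

/* Before: the caller assumes the buffer comes back terminated. */
static void format_unchecked(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    trunc_vsnprintf(buf, n, fmt, ap);
    va_end(ap);
}

/* After: keep one byte in reserve, always terminate, report truncation. */
static int format_terminated(char *buf, size_t n, const char *fmt, ...)
{
    va_list ap; int r;
    if (n == 0) return -1;
    va_start(ap, fmt);
    r = trunc_vsnprintf(buf, n - 1, fmt, ap);
    va_end(ap);
    buf[n - 1] = '\0';
    return r;
}

/* Bounded check for a NUL inside the n-byte buffer (never strlen here). */
static int is_terminated(const char *b, size_t n) { return memchr(b, 0, n) != NULL; }

int main(void)
{
    char name[65], a[32], b[32];           /* constructed sizes and input */
    memset(name, 'A', 64); name[64] = '\0';
    format_unchecked(a, sizeof a, "macro %s", name);
    format_terminated(b, sizeof b, "macro %s", name);
    printf("%d %d\n", is_terminated(a, sizeof a), is_terminated(b, sizeof b));
    return 0;
}
```

Any later `strlen`, `strcpy` or `%s` on the unchecked buffer reads past its end, which is why the terminated wrapper also returns -1 so the caller can reject the oversized input.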