CVE-2004-1289

Published: 10/01/2005 Updated: 11/07/2017
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
VMScore: 1000
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

Multiple buffer overflows in (1) the getline function in pcalutil.c and (2) the get_holiday function in readfile.c for pcal 4.7.1 allow remote malicious users to execute arbitrary code via a crafted calendar file.

Vulnerable Product

pcal pcal 4.6.0

pcal pcal 4.7.0

pcal pcal 4.7.1

pcal pcal 4.1.0

pcal pcal 4.3.0

pcal pcal 4.5.0

Vendor Advisories

Danny Lungstrom discovered two buffer overflows in pcal, a program to generate Postscript calendars, that could lead to the execution of arbitrary code when compiling a calendar. For the stable distribution (woody) these problems have been fixed in version 4.7-8woody1. For the unstable distribution (sid) these problems have been fixed in version 4 ...

Exploits

source: www.securityfocus.com/bid/12036/info. PCAL is prone to a buffer overflow vulnerability. This issue is exposed when the application handles a calendar file that contains excessively long holiday data. Since calendar files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature. Succ ...
source: www.securityfocus.com/bid/12035/info. PCAL is prone to a buffer overflow vulnerability. This issue is exposed when the application handles a calendar file that contains excessively long lines. Since calendar files may originate from an external or untrusted source, this vulnerability is considered to be remote in nature. Successful ...