Published: 21/09/2018 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

HylaFAX 6.0.6 and HylaFAX+ 5.6.0 allow remote malicious users to execute arbitrary code via a dial-in session that provides a FAX page with the JPEG bit enabled, which is mishandled in FaxModem::writeECMData() in the faxd/CopyQuality.c++ file.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
debian debian linux 9.0
hylafax hylafax\\+ 5.6.0
hylafax hylafax 6.0.6

Debian Bug report logs - #909161 hylafax: CVE-2018-17141 Package: src:hylafax; Maintainer for src:hylafax is Giuseppe Sacco <eppesuig@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Wed, 19 Sep 2018 06:36:01 UTC Severity: grave Tags: patch, security, upstream Found in version hylafax/3:606 ...

Luis Merino, Markus Vervier and Eric Sesterhenn discovered that missing input sanitising in the Hylafax fax software could potentially result in the execution of arbitrary code via a malformed fax message For the stable distribution (stretch), this problem has been fixed in version 3:606-7+deb9u1 We recommend that you upgrade your hylafax packa ...

Full Disclosure mailing list archives   By Date By Thread </form>    X41 D-Sec GmbH Security Advisory X41-2018-008: Multiple Vulnerabilities in HylaFAX  <!--X-H ...

CWE-824 CWE-787 https://www.x41-dsec.de/lab/advisories/x41-2018-008-hylafax/https://seclists.org/bugtraq/2018/Sep/49 http://www.openwall.com/lists/oss-security/2018/09/20/1 https://www.debian.org/security/2018/dsa-4298 https://lists.debian.org/debian-lts-announce/2018/09/msg00026.html http://git.hylafax.org/HylaFAX?a=commit%3Bh=c6cac8d8cd0dbe313689ba77023e12bc5b3027be https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=909161 https://nvd.nist.gov https://www.debian.org/security/./dsa-4298

CVE-2018-17141

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Mailing Lists

References

Vulmon Search

About

Products

Connect