FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

picasm -- buffer overflow vulnerability

Affected packages
picasm < 1.12c

Details

VuXML ID 8a3ece40-3315-11da-a263-0001020eed82
Discovery 2005-05-20
Entry 2005-10-02

Shaun Colley reports:

When generating error and warning messages, picasm copies strings into fixed-length buffers without bounds checking.

If an attacker could trick a user into assembling a source file with a malformed 'error' directive, arbitrary code could be executed with the privileges of the user. This could result in full system compromise.

References

Bugtraq ID 13698
CVE Name CVE-2005-1679
Message c522a35a0505200807744163c4@mail.gmail.com