Back to search
CVE-2018-1000221
Published: Aug 20, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
pkgconf version 1.5.0 to 1.5.2 contains a Buffer Overflow vulnerability in dequote() that can result in dequote() function returns 1-byte allocation if initial length is 0, leading to buffer overflow. This attack appear to be exploitable via specially crafted .pc file. This vulnerability appears to have been fixed in 1.5.3.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://git.dereferenced.org/pkgconf/pkgconf/pulls/3
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now