[原文]Multiple buffer overflows in the (1) write_heading function in subs.cpp or (2) trim_title function in parse.cpp for abctab2ps 1.6.3 allow remote attackers to execute arbitrary code via crafted ABC files.
abctab2ps subs.cpp write_heading() Function Overflow
Remote / Network Access
Loss of Integrity
A remote overflow exists in abctab2ps. The 'write_heading()' function in 'subs.cpp' fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted ABC file, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
Upgrade to version 1.6.4 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.