Show filters
14 Total Results
Displaying 1-10 of 14
Sort by:
Attacker Value
Unknown

CVE-2019-1010189

Disclosure Date: July 24, 2019 (last updated November 08, 2023)
mgetty prior to version 1.2.1 is affected by: Infinite Loop. The impact is: DoS, the program does never terminates. The component is: g3/g32pbm.c. The attack vector is: Local, the user should open a specially crafted file. The fixed version is: 1.2.1.
0
0
Attacker Value
Unknown

CVE-2019-1010190

Disclosure Date: July 24, 2019 (last updated November 27, 2024)
mgetty prior to 1.2.1 is affected by: out-of-bounds read. The impact is: DoS, the program may crash if the memory is not mapped. The component is: putwhitespan() in g3/pbm2g3.c. The attack vector is: Local, the victim must open a specially crafted file. The fixed version is: 1.2.1.
0
0
Attacker Value
Unknown

CVE-2018-16742

Disclosure Date: September 13, 2018 (last updated November 27, 2024)
An issue was discovered in mgetty before 1.2.1. In contrib/scrts.c, a stack-based buffer overflow can be triggered via a command-line parameter.
0
0
Attacker Value
Unknown

CVE-2018-16743

Disclosure Date: September 13, 2018 (last updated November 27, 2024)
An issue was discovered in mgetty before 1.2.1. In contrib/next-login/login.c, the command-line parameter username is passed unsanitized to strcpy(), which can cause a stack-based buffer overflow.
0
0
Attacker Value
Unknown

CVE-2018-16741

Disclosure Date: September 13, 2018 (last updated November 27, 2024)
An issue was discovered in mgetty before 1.2.1. In fax/faxq-helper.c, the function do_activate() does not properly sanitize shell metacharacters to prevent command injection. It is possible to use the ||, &&, or > characters within a file created by the "faxq-helper activate <jobid>" command.
0
0
Attacker Value
Unknown

CVE-2018-16744

Disclosure Date: September 13, 2018 (last updated November 27, 2024)
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow for command injection if untrusted input can reach it, because popen is used.
0
0
Attacker Value
Unknown

CVE-2018-16745

Disclosure Date: September 13, 2018 (last updated November 27, 2024)
An issue was discovered in mgetty before 1.2.1. In fax_notify_mail() in faxrec.c, the mail_to parameter is not sanitized. It could allow a buffer overflow if long untrusted input can reach it.
0
0
Attacker Value
Unknown

CVE-2008-4936

Disclosure Date: November 05, 2008 (last updated October 04, 2023)
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
0
0
Attacker Value
Unknown

CVE-2003-0516

Disclosure Date: August 18, 2003 (last updated February 22, 2025)
cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.
0
0
Attacker Value
Unknown

CVE-2003-0517

Disclosure Date: August 18, 2003 (last updated February 22, 2025)
faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwrite files via a symlink attack on JOB files.
Attack Vector: LocalPrivileges: LowUser Interaction: None
0
0
View More Topics  Next >