claws-mail: Stack overflow in conv_{jistoeuc,euctojis,sjistoeuc} (CVE-2015-8614)
Stack-based buffer overflow vulnerabilities were found in
conv_jistoeuc, conv_euctojis, conv_sjistoeuc functions,
caused by missing bound checking on the output buffer, which is created
on the stack with alloca().
Fixed In Version:
claws-mail 3.13.1
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2015-8614
Patch:
http://git.claws-mail.org/?p=claws.git;a=commit;h=d390fa07f5548f3173dd9cc13b233db5ce934c82
(from redmine: issue id 5657, created on 2016-05-31, closed on 2016-06-24)
- Relations:
- child #5658 (closed)