CVE-2006-0459

Published: 29 March 2006

flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.

Priority

Status

Package	Release	Status
cyrus21-imapd Launchpad, Ubuntu, Debian	dapper	Released (2.1.18-2ubuntu2)
	edgy	Released (2.1.18-2ubuntu2)
	feisty	Released (2.1.18-2ubuntu2)
	upstream	Needs triage
flex Launchpad, Ubuntu, Debian	dapper	Released (2.5.31-38ubuntu1)
	edgy	Released (2.5.31-38ubuntu1)
	feisty	Released (2.5.31-38ubuntu1)
	upstream	Needs triage
flex-old Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Not vulnerable
	upstream	Needs triage
gcc-3.3 Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Not vulnerable
	upstream	Needs triage
gcc-3.4 Launchpad, Ubuntu, Debian	dapper	Not vulnerable
	edgy	Not vulnerable
	feisty	Not vulnerable
	upstream	Needs triage
gob2 Launchpad, Ubuntu, Debian	dapper	Released (2.0.14-1ubuntu1)
	edgy	Released (2.0.14-1ubuntu1)
	feisty	Released (2.0.14-1ubuntu1)
	upstream	Needs triage
xine-extracodecs Launchpad, Ubuntu, Debian	dapper	Released (1.1.1+ubuntu1-2)
	edgy	Released (1.1.1+ubuntu1-2)
	feisty	Released (1.1.1+ubuntu1-2)
	upstream	Needs triage
xine-lib Launchpad, Ubuntu, Debian	dapper	Released (1.1.1+ubuntu2-7.7)
	edgy	Released (1.1.2+repacked1-0ubuntu3.4)
	feisty	Ignored (end of life, was needed)
	upstream	Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

CVE-2006-0459

Priority

Status

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Further reading