Qualcomm QPopper Bulletin Name Buffer Overflow Vulnerability

QPopper is a freely available, open source software package distributed by Qualcomm. It is designed for use on various operating systems, although this problem affects the Unix and Linux platforms.

QPopper does not sufficiently check bounds on some data. When a user supplies a bulletin with a long name (greater than 256 bytes), a buffer overflow occurs. This could result in the overwriting of process memory, including the return address within the stack, and code execution.


 

Privacy Statement
Copyright 2010, SecurityFocus