Mcrypt Multiple Format String Vulnerabilities

Mcrypt is prone to multiple format-string vulnerabilities because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker may exploit these issues to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

Mcrypt 2.6.8 is vulnerable; other versions may also be affected.
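The bug class described above, shown as an added C example: the same untrusted string is used once as the format and once as data. This is not Mcrypt source code. The helper names and sample strings are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE pattern (hypothetical helper, not Mcrypt code): the
 * caller-controlled string is the format itself, so every conversion
 * specifier inside it is interpreted by snprintf. */
static int report_unsafe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, user);
}

/* HARDENED pattern: the format is a constant; the untrusted string is
 * only ever data for the %s conversion. */
static int report_safe(char *out, size_t n, const char *user)
{
    return snprintf(out, n, "%s", user);
}

/* Audit helper: count conversion specifiers in a string, treating "%%"
 * as a literal percent sign. A non-zero result on untrusted input means
 * the string would drive the formatter if used as a format. */
static size_t count_conversions(const char *s)
{
    size_t count = 0;
    for (; *s; s++) {
        if (*s != '%') continue;
        if (s[1] == '%') { s++; continue; }
        count++;
    }
    return count;
}

int main(void)
{
    /* Constructed input: "%%" consumes no arguments, so it shows the
     * interpretation without touching memory it should not. */
    const char *name = "report_100%%.txt";
    char buf[64];

    report_unsafe(buf, sizeof buf, name);
    printf("as format: %s\n", buf);   /* input was rewritten */
    report_safe(buf, sizeof buf, name);
    printf("as data:   %s\n", buf);   /* input preserved verbatim */
    printf("specifiers in \"%%x.%%s\": %zu\n", count_conversions("%x.%s"));
    return 0;
}
```

Building with `-Wformat -Wformat-security` makes GCC and Clang flag the call in `report_unsafe`, which is a quick way to find this pattern during code review.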


 

Copyright 2010, SecurityFocus