Multiple vulnerabilities, including buffer overflows, have been found in abcm2ps.
|Package||media-sound/abcm2ps on all architectures|
|Affected versions||< 5.9.13|
|Unaffected versions||>= 5.9.13|
abcm2ps is a program to convert abc files to Postscript files.
Multiple vulnerabilities have been discovered in abcm2ps:
A remote attacker could entice a user to load a specially crafted ABC file or use a long -O option on the command line, resulting in the execution of arbitrary code.
There is no known workaround at this time.
All abcm2ps users should upgrade to the latest stable version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-sound/abcm2ps-5.9.13"
NOTE: This is a legacy GLSA. Updates for all affected architectures are available since August 27, 2010. It is likely that your system is already no longer affected by this issue.
November 20, 2011
November 20, 2011: 1