[Bug Report] stack-buffer-overflow in Function epub2txt_do_file() AT src/epub2txt.c #17
Comments
I'm unsure what work is required here. I'm not remotely surprised that epub2txt is prone to buffer-overrun situations, but I'm not sure what the significance is. This isn't a utility that's going to be run unattended as a server process, so I don't see how these buffer-overruns are exploitable in any practical way. If I have misunderstood, feel free to correct me.
Hi Kevin,
Thank you for reporting this problem. I had carelessly assumed that all XHTML documents in an EPUB would be well-formed. I had used a strcpy() call into a buffer of fixed length. I believe this is fixed in the latest push -- please let me know if you think otherwise.
Nice work :). This vulnerability was fixed.
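The pattern described in the comments above (a strcpy() of document-supplied text into a fixed-length buffer) beside a bounded alternative, as an added example that is not epub2txt's code or its actual fix. The function names, ENTITY_MAX and the entity table are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define ENTITY_MAX 16 /* assumed size of the fixed stack buffer */

/* Constructed lookup table holding a few predefined entities. */
static const struct { const char *name; int ch; } entities[] = {
    {"amp", '&'}, {"lt", '<'}, {"gt", '>'}, {"quot", '"'}, {"apos", '\''},
};

static int lookup_entity(const char *name)
{
    for (size_t i = 0; i < sizeof entities / sizeof entities[0]; i++)
        if (strcmp(name, entities[i].name) == 0)
            return entities[i].ch;
    return -1;
}

/* Unsafe pattern: the name comes from the document, so its length is
 * untrusted, yet strcpy() copies it into a fixed-length buffer. */
int translate_entity_unsafe(const char *name)
{
    char buf[ENTITY_MAX];
    strcpy(buf, name); /* writes past buf when strlen(name) >= ENTITY_MAX */
    return lookup_entity(buf);
}

/* Hardened form. `text` points just past an '&'. Looks for the closing ';'
 * within the buffer's capacity; on success returns the character and stores
 * the number of bytes consumed (name plus ';'). Returns -1 and consumes
 * nothing for an unterminated, over-long or unknown entity, so the caller
 * can emit the '&' literally and carry on. */
int translate_entity_safe(const char *text, size_t *consumed)
{
    char buf[ENTITY_MAX];
    size_t n = 0;

    *consumed = 0;
    while (n < ENTITY_MAX - 1 && text[n] != '\0' && text[n] != ';')
        n++;
    if (text[n] != ';')
        return -1; /* hit the length limit or end of input first */
    memcpy(buf, text, n);
    buf[n] = '\0';
    int ch = lookup_entity(buf);
    if (ch >= 0)
        *consumed = n + 1;
    return ch;
}
```

Building with `-fsanitize=address`, as the report does, makes the unsafe variant fail loudly on an over-long name, while the bounded variant returns -1.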
Description
A stack-buffer-overflow was discovered in epub2txt2.
The issue is being triggered in function xhtml_translate_entity() at src/xhtml.c:576
Version
Version 2.02 (Latest)
Environment
Ubuntu 18.04, 64bit
Reproduce
Command
POC file at the bottom of this report.
With ASAN
Note: You can use ASAN for more direct verification.
ASAN Report
POC
Any issues, please contact me:
admin@hack.best
OR:
twitter: @Asteriska8