m4
- Author: vmiklos
- Vulnerable: 1.4.10-1
- Unaffected: 1.4.10-2kalgan1
A vulnerability and a security issue have been reported in GNU M4, which can be exploited by malicious people to manipulate certain data or to potentially compromise a user’s system.
- A format string error exists within the “produce_frozen_state()” function in src/freeze.c. This can be exploited via a specially crafted filename passed as a parameter to “m4 -F”. Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into processing a filename containing malicious format specifiers.
- An error within the implementation of the “maketemp” and “mkstemp” macros can potentially be exploited to trigger the processing of improper files via special characters contained in the output string.
- Bug Tracker URL: http://bugs.frugalware.org/task/2963
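The class of defect behind the “produce_frozen_state()” issue, as an added illustration that is not code from GNU M4 or from this advisory: an error reporter that uses a file name as its format string, next to the hardened call with a constant format. The helper `report` and both `report_open_failure_*` functions are hypothetical names, and the file names are constructed samples.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for a printf-style error reporter: formats into
   out instead of stderr so the result can be inspected. */
static int report(char *out, size_t n, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int len = vsnprintf(out, n, fmt, ap);
    va_end(ap);
    return len;
}

/* Unsafe pattern: the caller-supplied file name is used as the format
   string, so any conversion specifier in it is interpreted and consumes
   arguments that were never passed (undefined behaviour). */
int report_open_failure_unsafe(char *out, size_t n, const char *name)
{
    return report(out, n, name);
}

/* Hardened pattern: constant format string, the name is only data. */
int report_open_failure_safe(char *out, size_t n, const char *name)
{
    return report(out, n, "%s", name);
}

/* Returns 1 when the hardened reporter reproduces the name byte for byte. */
int safe_output_is_literal(const char *name)
{
    char buf[256];
    int len = report_open_failure_safe(buf, sizeof buf, name);
    return len == (int)strlen(name) && strcmp(buf, name) == 0;
}

int main(void)
{
    const char *name = "state-%d-%s.m4f"; /* constructed sample file name */
    char buf[256];
    report_open_failure_safe(buf, sizeof buf, name);
    printf("safe: %s\n", buf);
    /* The unsafe reporter is only exercised with a specifier-free name. */
    report_open_failure_unsafe(buf, sizeof buf, "state.m4f");
    printf("unsafe, benign input: %s\n", buf);
    return 0;
}
```

Declaring such a reporter with the GCC/Clang `format(printf, ...)` attribute and building with `-Wformat-security` makes the compiler flag the unsafe call.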