CVE-2015-2305

Description

Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

Affected packages (6)

• Debian/clamavfrom 0, < 0.98.7+dfsg-1
• Debian/librcsb-core-wrapperfrom 0, < 1.005-3
• Debian/newlibfrom 0, < 2.0.0-1
• Debian/nvifrom 0, < 1.81.6-13
• Debian/php5from 0, < 5.3.3.1-7+squeeze29
• Debian/vigorfrom 0, < 0.016-24

References (1)

• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-2305