Debian- stack smashing when reading ics file

Date: Tue, 5 Feb 2013 16:06:02 UTC
Severity: grave
Tags: security
Found in version imview/1.1.9c-9

Message #5 received at submit@bugs.debian.org:
From: Sang Kil Cha <sangkil.cha@gmail.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: stack smashing when reading ics file
Date: Tue, 05 Feb 2013 11:01:39 -0500
Package: imview
Version: 1.1.9c-9
Severity: grave
Tags: security

imview has a stack smashing vulnerability when parsing the ics header @
io/readics.cxx:320. It reads in .ics files (iCalendar). A typical scenario would be to share your schedule by sending the ics file to your friends. So someone can open a malicious calendar file from imview, and then crash.

     /* get the filename from the ICS file */
     t = temp1;
     while (*bp != delim2)   /* no bound on temp1 and no end-of-input check */
         *t++ = *bp++;

This bug can lead to arbitrary code execution.

I am attaching a crashing input.


-- System Information:
Debian Release: 7.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages imview depends on:
ii libc6 2.13-37
ii libfontconfig1 2.9.0-7.1
ii libgcc1 1:4.7.2-5
ii libgomp1 4.7.2-5
ii libjpeg8 8d-1
ii libmagickcore5 8:6.7.7.10-5
ii libpng12-0 1.2.49-1
ii libstdc++6 4.7.2-5
ii libtiff4 3.9.6-11
ii libx11-6 2:1.5.0-1
ii libxext6 2:1.3.1-2
ii libxft2 2.3.1-1
ii libxinerama1 2:1.1.2-1
ii libxpm4 1:3.5.10-1
ii zlib1g 1:1.2.7.dfsg-13

imview recommends no packages.

Versions of packages imview suggests:
pn imview-doc <none>

-- no debconf information
[crash.ics (text/plain, attachment)]
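The copy loop quoted in the report stops only when it meets delim2, so a header value longer than the fixed stack buffer, or one with no terminating delimiter at all, runs past the end of that buffer. The following is an added example, not imview's code, of the bounded form such a copy takes in C: both the destination size and the end of the input are checked, and the function names, the FIELD_MAX size and the "filename<TAB>value<LF>" field shape are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>
#define FIELD_MAX 64  /* size of the fixed stack buffer (temp1 in the report) */

/* Bounded replacement for the "*t++ = *bp++ until delim2" loop: copies src
 * into dst until delim is seen, never writing past dst_size (NUL included)
 * and never reading past src_end. Returns the bytes copied, or -1 if the
 * field would not fit or the delimiter is missing before src_end. */
static long copy_until_delim(char *dst, size_t dst_size, const char *src,
                             const char *src_end, char delim)
{
    size_t n = 0;
    if (dst_size == 0) return -1;
    while (src + n < src_end && src[n] != delim) {
        if (n + 1 >= dst_size) {   /* would overflow dst: reject the input */
            dst[0] = '\0';
            return -1;
        }
        dst[n] = src[n];
        n++;
    }
    if (src + n == src_end) {      /* input ended before the delimiter */
        dst[0] = '\0';
        return -1;
    }
    dst[n] = '\0';
    return (long)n;
}

/* Parse "filename<TAB>value<LF>" (an assumed header shape) into a
 * FIELD_MAX-byte buffer. Returns the value length, or -1 when the tab is
 * missing, the value is too long, or the newline never arrives. */
static long parse_filename_field(const char *line, size_t len, char out[FIELD_MAX])
{
    const char *bp = memchr(line, '\t', len);
    if (bp == NULL) return -1;
    return copy_until_delim(out, FIELD_MAX, bp + 1, line + len, '\n');
}
/* Constructed input (not the report's crash.ics): "filename<TAB>", value_len
 * 'A's and, if terminated, a newline. Returns the parser's result. */
static long try_field(size_t value_len, int terminated)
{
    char line[256], buf[FIELD_MAX];
    size_t n = 9 + value_len;
    if (value_len > 200) return -2;
    memcpy(line, "filename\t", 9);
    memset(line + 9, 'A', value_len);
    if (terminated) line[n++] = '\n';
    return parse_filename_field(line, n, buf);
}
```

A 63-byte value is the longest that fits with its NUL; a 64-byte value, or any value whose line lacks the newline, is rejected instead of being written past the buffer.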

Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Feb 6 12:37:12 2013; Machine Name: beach.debian.org

Source link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699820
