[Insight-developers] formatstring vulnerability in NumericSeriesFileNames::GetFileNames
Henning Meyer
tutmann at gmail.com
Tue Jun 27 05:20:52 EDT 2006
Hello,
I just had a look at this function and it looks like there is a format
string vulnerability:
    char temp[4096];
    for (unsigned long i = m_StartIndex; i <= m_EndIndex; i+= m_IncrementIndex)
      {
      sprintf (temp, m_SeriesFormat.c_str(), i);
      std::string fileName(temp);
      m_FileNames.push_back(fileName);
      }
As far as I have seen the length of m_SeriesFormat is not checked. So
one might use it for format string attacks.
Henning
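
A hardened form of the loop body reported above, as an added example that is not part of the original post and is not ITK code. SafeSeriesName and In are hypothetical helpers. The example assumes a series format may hold exactly one integer conversion, only the '-' and '0' flags, and a width of at most three digits; it goes beyond the length concern in the post by also rejecting conversions such as %s and %n.

```cpp
#include <cctype>
#include <cstdio>
#include <cstring>
#include <string>

// Hypothetical helper, not ITK API: true if c is a non-NUL member of set.
static bool In(const char* set, char c) { return c != '\0' && std::strchr(set, c); }

// Hypothetical helper, not ITK API. Expands fmt for index only when fmt holds
// exactly one integer conversion. Returns false for any other format.
bool SafeSeriesName(const std::string& fmt, unsigned long index, std::string& out)
{
  std::string prefix, spec, suffix;
  bool seen = false;
  for (std::size_t p = 0; p < fmt.size(); ++p)
  {
    std::string& lit = seen ? suffix : prefix;     // literal text is copied, never formatted
    if (fmt[p] != '%') { lit += fmt[p]; continue; }
    if (p + 1 < fmt.size() && fmt[p + 1] == '%') { lit += '%'; ++p; continue; }
    if (seen) return false;                        // a second conversion (%s, %n, ...) is rejected
    std::size_t q = p + 1;
    while (q < fmt.size() && In("-0", fmt[q])) ++q;                          // flags
    std::size_t w = q;
    while (q < fmt.size() && std::isdigit((unsigned char)fmt[q])) ++q;       // width
    if (q - w > 3) return false;                   // width capped at 999, '*' never accepted
    spec = "%" + fmt.substr(p + 1, q - p - 1) + "l";  // always format as unsigned long
    if (q < fmt.size() && fmt[q] == 'l') ++q;
    if (q >= fmt.size() || !In("diuxXo", fmt[q])) return false;
    spec += (fmt[q] == 'd' || fmt[q] == 'i') ? 'u' : fmt[q];
    seen = true;
    p = q;
  }
  if (!seen) return false;
  char num[1100];                                  // larger than the 999-character width cap
  int n = std::snprintf(num, sizeof num, spec.c_str(), index);
  if (n < 0 || n >= (int)sizeof num) return false; // bounded write, truncation is an error
  out = prefix + num + suffix;
  return true;
}

int main()
{
  std::string name;
  const char* samples[] = {"img_%04d.png", "%s%s%s%s", "img_%d_%n"};  // constructed inputs
  for (const char* s : samples)
    std::printf("%-14s -> %s\n", s, SafeSeriesName(s, 7, name) ? name.c_str() : "rejected");
}
```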