HT Editor: Multiple buffer overflows Two vulnerabilities have been discovered in HT Editor, potentially leading to the execution of arbitrary code. hteditor 2005-05-10 2006-05-22 91569 remote 0.8.0-r2 0.8.0-r2

HT is a hex editor, designed to help analyse and modify executable files.

Tavis Ormandy of the Gentoo Linux Security Team discovered an integer overflow in the ELF parser, leading to a heap-based buffer overflow. The vendor has reported that an unrelated buffer overflow has been discovered in the PE parser.

Successful exploitation would require the victim to open a specially crafted file using HT, potentially permitting an attacker to execute arbitrary code.

There is no known workaround at this time.

All hteditor users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2" CVE-2005-1545 CVE-2005-1546 jaervosz taviso jaervosz