GMime Uuencode Size Macro Buffer Overflow Vulnerability

Secunia ID	SA38459
CVE-ID	CVE-2010-0409
Release Date	03 Feb 2010
Last Change	10 Feb 2010
Criticality	Less Critical
Solution Status	Vendor Patch
Software	GMime 2.x
Where	From remote
Impact	DoS (Denial of Service) This includes vulnerabilities ranging from excessive resource consumption (e.g. causing a system to use a lot of memory) to crashing an application or an entire system. System access This covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user.
Description	A vulnerability has been reported in GMime, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise an application using the library. The vulnerability is caused due to the "GMIME_UUENCODE_LEN()" macro incorrectly calculating the maximum number of output bytes generated by an uuencode operation. This can be exploited to potentially cause a buffer overflow with two bytes when specially crafted input data is uuencoded by an application using GMime. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in versions prior to 2.4.15.
Solution	Update to version 2.4.15.
Reported by	Reported by the vendor.
Original Advisory	http://ftp.gnome.org/pub/GNOME/sources/gmime/2.4/gmime-2.4.15.changes