Re: [Full-disclosure] mutt buffer overflow

["Frank Denis (Jedi/Sector One)" <j () pureftpd org>]

 Peter,

On Thu, Aug 18, 2005 at 02:57:33AM -0600, Peter Valchev wrote:
> The problem is in the mutt attachment/encoding/decoding functions,
> specifically handler.c:mutt_decode_xbit() and the buffer
> bufi[BUFI_SIZE].

 Can you reproduce this if you recompile libiconv/gettext/mutt?
 
 I reported that bug on Jul 12, but in fact it only happened with
libiconv/gettext compiled against an OpenBSD libc before the mb*() changes,
but then running libc 38.2.

 An easier way to trigger this is ftp://ftp.00f.net/misc/mutt-crash-poc.mbox
 
 But the mutt's code doesn't actually look wrong.

 Best regards,
 
    -Frank.