|
Synopsis: QuickCam linux device driver arbitrary code execution
Product: QuickCam
Version: <=1.0.9
Issue/Details:
=======
A critical security vulnerability has been found in QuickCam
initialization function (qcamvc_video_init) of the protytype:
static void qcamvc_video_init(struct qcamvc *qcamvc)
The memory corruption conditions might lead to arbitrary code
execution.
Affected Versions
================
OpenSER <= 1.0.9
Solution
========
Proper boundary checking.
Exploitation
===========
Exploitation might be performed by the use of specially
crafted QuickCam object.