CVE-2004-2541 — cscope - buffer overflows

Description

Buffer overflow in Cscope 15.5, and possibly multiple overflows, allows remote attackers to execute arbitrary code via a C file with a long #include line that is later browsed by the target.

How to fix CVE-2004-2541

To remediate CVE-2004-2541, upgrade the affected package to a fixed version below.

Debian/cscope—upgrade to 15.5+cvs20050816-1.1 or later
Debian/cscope—upgrade to 15.3-1woody3 or later

Is CVE-2004-2541 being exploited?

Low — EPSS is 1.9%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 15.5+cvs20050816-1.1
from 0, < 15.3-1woody3

References (1)

ADVISORYsecurity-tracker.debian.org/tracker/CVE-2004-2541