HT Editor: Multiple buffer overflows
Gentoo Linux Security Advisory
||GLSA 200505-08 / hteditor
||May 10, 2005
||May 22, 2006: 02
All supported architectures
Two vulnerabilities have been discovered in HT Editor, potentially leading
to the execution of arbitrary code.
HT is a hex editor, designed to help analyse and modify executable
Tavis Ormandy of the Gentoo Linux Security Team discovered an integer
overflow in the ELF parser, leading to a heap-based buffer overflow.
The vendor has reported that an unrelated buffer overflow has been
discovered in the PE parser.
Successful exploitation would require the victim to open a specially
crafted file using HT, potentially permitting an attacker to execute
There is no known workaround at this time.
All hteditor users should upgrade to the latest version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-editors/hteditor-0.8.0-r2"