Buffer overflow in the IGDstartelt function in igddescparse.c in the MiniUPnP client (aka MiniUPnPc) before 1.9.20150917 allows remote UPNP servers to cause a denial of service (application crash) and possibly execute arbitrary code via an "oversized" XML element name.
{ "availability": "No subscription required", "binaries": [ { "binary_version": "1.6-3ubuntu2.14.04.2", "binary_name": "libminiupnpc-dev" }, { "binary_version": "1.6-3ubuntu2.14.04.2", "binary_name": "libminiupnpc8" }, { "binary_version": "1.6-3ubuntu2.14.04.2", "binary_name": "miniupnpc" } ], "ubuntu_priority": "medium" }