<= Back

AOSA-2017-0005: Update GNU ed

Please update your ed package to version 1.14.1.

A security vulnerability was recently disclosed in GNU ed by Hanno Böck:

"ed can be crashed with some malformed commands:

echo -e "H\n?\{" | ed

"The bug seems to be a call of free on a nonallocated pointer. The bug was found with the fuzzing tool american fuzzy lop in ed 1.14."

And was assigned with the following CVE ID:


Relevant documentation: