Jack Louis has discovered a vulnerability in Perl, which can be exploited by malicious people to cause a Denial of Service and potentially to compromise a vulnerable Perl application.

The vulnerability is caused due to an integer overflow error in the "Perl_sv_vcatpvfn()" function of "sv.c" when handing a format string that contains an explicit format parameter index that exceeds INT_MAX. This can exploited to cause illegal memory access which causes an affected Perl application to crash.

Example:
perl -e 'printf("%2147483649\$n");'

The vulnerability has been confirmed in version 5.8.7 and also reported in versions 5.8.6 and 5.9.2. Other versions may also be affected.

Note: This vulnerability must be exploited in conjunction with a format string vulnerability in a Perl application. According to the vendor, exploitation of this vulnerability could lead to execution of arbitrary code.

Solution
Apply patches.
Further details available to Secunia VIM customers

Provided and/or discovered by
Jack Louis, Dyad Security.

Changelog
Further details available to Secunia VIM customers

Original Advisory
Perl.org:
http://www.perlfoundation.org/news/2005/sprintf_patch_released.html

Dyad Security:
http://www.dyadsecurity.com/perl-0002.html

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers