Date: Tue, 15 May 2012 07:50:14 -0400
From: Sean Amoss <ackle@...too.org>
To: oss-security@...ts.openwall.com
Subject: CVE Request: gdk-pixbuf Integer overflow in XBM file loader

Hello,

I have not seen a CVE assigned for this issue yet:

"It's possible to crash any application with a memory allocation error, or
potentially corrupt the heap, because the width/height parameters aren't
properly verified."


References:
https://bugs.gentoo.org/show_bug.cgi?id=412033
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150

Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=672811

Upstream commit:
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22


Thanks,
Sean

-- 
Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail	  : ackle@...too.org
GnuPG ID  : E928357A
GnuPG FP  : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A
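
The class of check the report says was missing, as an added example (not part of the original message and not the upstream commit): read the width and height from an XBM header, reject non-positive or oversized values, and compute the pixel buffer size with overflow checks before allocating. The names `xbm_parse_dims`, `checked_size` and `XBM_MAX_DIM`, the dimension limit, and the bytes-per-pixel parameter are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XBM_MAX_DIM 16384L /* assumed policy limit, not a gdk-pixbuf value */

static int ends_with(const char *s, const char *suf)
{
    size_t n = strlen(s), m = strlen(suf);
    return n >= m && strcmp(s + n - m, suf) == 0;
}

/* Scan "#define <name>_width N" and "#define <name>_height N" header lines.
 * Returns 0 only if both values parse and lie in 1..XBM_MAX_DIM, else -1. */
int xbm_parse_dims(const char *hdr, long *w, long *h)
{
    long ww = 0, hh = 0;
    for (const char *p = hdr; p && *p; ) {
        char name[128];
        int n = 0;
        if (sscanf(p, "#define %127s %n", name, &n) == 1 && n > 0) {
            errno = 0;
            long v = strtol(p + n, NULL, 10);
            if (errno == ERANGE) return -1; /* value does not fit in long */
            if (ends_with(name, "_width")) ww = v;
            if (ends_with(name, "_height")) hh = v;
        }
        p = strchr(p, '\n');   /* advance to the next header line */
        if (p) p++;
    }
    if (ww <= 0 || hh <= 0 || ww > XBM_MAX_DIM || hh > XBM_MAX_DIM)
        return -1;
    *w = ww; *h = hh;
    return 0;
}

/* Compute w * h * bpp in size_t, failing instead of wrapping around. */
int checked_size(long w, long h, size_t bpp, size_t *out)
{
    if (w <= 0 || h <= 0 || bpp == 0) return -1;
    if ((size_t)w > SIZE_MAX / bpp) return -1;
    size_t row = (size_t)w * bpp;
    if ((size_t)h > SIZE_MAX / row) return -1;
    *out = row * (size_t)h;
    return 0;
}
```

A loader would call `xbm_parse_dims` first and pass the accepted values to `checked_size` before any `malloc`, treating either failure as a corrupt image.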

