Date: Wed, 21 Aug 2013 22:52:33 +0200
From: "Thijs Kinkhorst" <thijs@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: lcms 1.x buffer overflows

On Wed, August 21, 2013 22:20, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 08/05/2013 06:49 AM, Raphael Geissert wrote:
>> On 5 August 2013 07:25, Thijs Kinkhorst <thijs@...ian.org> wrote:
>>> Buffer overflows have been reported in Little CMS 1.x:
>>> http://bugs.debian.org/718682
>>
>> Just a quick note: one of the affected parts of the code is a
>> sample and the other is the tiffdiff(1) tool, where the buffer
>> overflow is triggered by the file names passed as arguments.
>>
>> Cheers,
>>
>
> Can you post the filenames/affected code? Thanks.

You can find it in this patch:
https://bugzilla.redhat.com/attachment.cgi?id=783274
linked from:
https://bugzilla.redhat.com/show_bug.cgi?id=991757


Cheers,
Thijs
