Date: Wed, 21 Aug 2013 22:52:33 +0200
From: "Thijs Kinkhorst" <thijs@...ian.org>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: lcms 1.x buffer overflows

On Wed, August 21, 2013 22:20, Kurt Seifried wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On 08/05/2013 06:49 AM, Raphael Geissert wrote:
>> On 5 August 2013 07:25, Thijs Kinkhorst <thijs@...ian.org> wrote:
>>> Buffer overflows have been reported in Little CMS 1.x:
>>> http://bugs.debian.org/718682
>>
>> Just a quick note: one of the affected parts of the code is a
>> sample and the other is the tiffdiff(1) tool, where the buffer
>> overflow is triggered by the file names passed as arguments.
>>
>> Cheers,
>>
>
> can you post the filenames/affected code? thanks.

You can find it in this patch:
https://bugzilla.redhat.com/attachment.cgi?id=783274
linked from:
https://bugzilla.redhat.com/show_bug.cgi?id=991757

Cheers,
Thijs