Date: Mon, 15 Jun 2015 16:07:39 +0200 From: Stefan Cornelius <scorneli@...hat.com> To: oss-security@...ts.openwall.com Cc: cve-assign@...re.org Subject: Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 On Wed, 3 Jun 2015 13:10:43 +0200 Stefan Cornelius <scorneli@...hat.com> wrote: > > There's another issue related to the RLE decoding. DecodeImage() does > not check that the run-length "count" fits into the total size of the > image, which can lead to a heap-based buffer overflow. I've not > assigned a CVE ID to this (mainly because I'm not sure if this > warrants a new CVE or should be bundled with CVE-2015-0848, so I leave > that up to the CVE experts on the list). > > We have some possible fixes in our bug , but be cautious - these > are not fully vetted yet. So far, however, they look fine to me. > >  https://bugzilla.redhat.com/show_bug.cgi?id=1227243 Any update on a possible CVE for this additional issue? Thanks, -- Stefan Cornelius / Red Hat Product Security
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ