Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 15 Jun 2015 16:07:39 +0200
From: Stefan Cornelius <scorneli@...hat.com>
To: oss-security@...ts.openwall.com
Cc: cve-assign@...re.org
Subject: Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7

On Wed, 3 Jun 2015 13:10:43 +0200
Stefan Cornelius <scorneli@...hat.com> wrote:
> 
> There's another issue related to the RLE decoding. DecodeImage() does
> not check that the run-length "count" fits into the total size of the
> image, which can lead to a heap-based buffer overflow. I've not
> assigned a CVE ID to this (mainly because I'm not sure if this
> warrants a new CVE or should be bundled with CVE-2015-0848, so I leave
> that up to the CVE experts on the list).
> 
> We have some possible fixes in our bug [1], but be cautious - these
> are not fully vetted yet. So far, however, they look fine to me.
> 
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1227243

Any update on a possible CVE for this additional issue?

Thanks,
-- 
Stefan Cornelius / Red Hat Product Security

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ