Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Sun, 21 Jun 2015 07:08:32 -0400 (EDT)
From: cve-assign@...re.org
To: fernando@...l-life.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> invalid read on meta_pen_create player/meta.h (+ patch)
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784205

> heap-buffer-overflow
> READ of size 4
> player/meta.h
> - while (objects[i].type && (i < NUM_OBJECTS (API))) i++;
> + while ((i < NUM_OBJECTS (API)) && objects[i].type) i++;

Use CVE-2015-4695.


> wmf2gd/wmf2eps invalid read
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=784192

> wmf2gd/wmf2eps
> heap-use-after-free
> READ of size 4

Use CVE-2015-4696.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVhprFAAoJEKllVAevmvmshbEIAIfLEYL/JRloei5vBHe0v3hm
APMvwwLcDrJFZ1UHznIw3qk11YErS4HhPNsE8Y89ugTUbPAtKuL0iG/ymOCphZx6
M+0BJDkQvyrSxWzp/TO08UYtwLsyK67U7sh6CUoTC/Q3OBz15jA+7FmQ0tcH8VeF
Gx+hu7a3HhSpsbq2gLFH9hWsMJj690OFpoAwqpXzd2T0yn6kIM7EhBc3fCSQp+A2
vKbVZTB6eBOfuf8A5CCCxaCXzGoO8dlQGGAo+XhzxFQARCObDw32u+vIZ9Q9KF2b
+xrWvuXKB5q7QVp3IsYgPoE0BqXiEBTGyTPcv0yXPFgp13y4XJvalfmpbmL+vAo=
=2Ssa
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ