Date: Thu, 1 Oct 2015 12:25:28 -0300 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 2015-10-01 10:03 GMT-03:00 Gustavo Grieco <gustavo.grieco@...il.com>: > Hello, > > We found a heap overflow in the gdk-pixbuf implementation triggered by the > scaling of gif file.These issues are only fixed in the recent release of > gdk-pixbuf 2.32.1 but affects older versions (we tested it in a fully > updated Ubuntu 14.04). > If someone needs more details, it was fixed in 2.32.1 with this commit: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa > > These issues were found using QuickFuzz. > > Regards, > Gustavo. >
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ