Date: Fri, 2 Oct 2015 13:13:39 -0400 (EDT) From: cve-assign@...re.org To: gustavo.grieco@...il.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > We found a heap overflow and a DoS in the gdk-pixbuf implementation > triggered by the scaling of tga file. These issues are only fixed in the > recent release of gdk-pixbuf 2.32.1 > > it was fixed in 2.32.0 with the 3 commits > starting with > https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d This means: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e Use CVE-2015-7673. Apparently the cause of the issue was use of heap memory after an allocation failure. The original CVE request said "< 2.32.1" and "only fixed in ... 2.32.1" but then a followup message said "fixed in 2.32.0" instead. We think the latter is correct. The entry in the 2.32.0 changelog is shown in: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=02a76ac6956ee1418da926d6f2cedb78525495b7 Responding to: > From: Kurt Seifried <kseifried@...hat.com> > Date: Thu, 1 Oct 2015 08:04:12 -0600 > > I know on our end there was some > confusion as to whether or not this is the same flaw or closely related to > https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/ CVE-2015-4491 from mfsa2015-88 has different affected versions. Also, that CVE is only for an integer overflow. If missing allocation-failure checking before ffec86ed5010c5a2be14f47b33bcf4ed3169a199 is separately exploitable, then another CVE ID could be assigned. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWDro2AAoJEL54rhJi8gl5D54QAK/Vzop01NHL5zZpZlBwzrGZ 8dLEBvFTqXPjItMwhmLGNV/R9M59T3LEtRyENG45lMyDECuKsMVoL696Q87h16+c Gweir8ZcVC19QxMBpwn4ITiXZ3JRnLgHqEZAp+6eI4zlW4GFkpyXxF3E3YR/U3mv Bace8L3FoAq9jVqgMsHdVzZWyeUpKL9FZbRDE9wsimOg1mFIrZ/ZLW5qlFDdoxVt GqbeBpr2F+8678HQh+DIaDfyLmqSj0RCO4qBtOOoQzQ9VU+JL8TvMJE2883rwVq+ +JHf81c8ABZmqYrn/oh8AMr8WggesZRd1Q/0r+Tb7/w1FGv/qPa6JsNglrOxDxT3 AEBfTUrllJpmfrX8VQFTTNecagLwPMC3s1j48lV8ZghOj3/mL4n68Tp5sV6f/b6Z olX0pqH6E5iSy8BNBtrRF7r0yLfUewqwKlvOhT04zl3M26O2RD5HYWuxSxokXtkn kUGd/zhryOX5Duz+c7HAG9ZBl26zC9BCyaSbzlo6yj3HPi+AxtQKSLxFl+dQmtIg sWgQAKn056s6BWtdTbInUIzTV86LQ7Oa00QKobcLrVHwFi2mEZIRjmdDuR3oin7M DRdB89E4SdLGFe8cIw3oG60noyRObJitB2hjSoxuUdO/ZFAbUTbgfz0b44grS/YD njkGj067RRjmWP+GKRGp =cZzu -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ