Date: Mon, 5 Oct 2015 12:28:06 +0200 From: Andreas Stieger <astieger@...e.com> To: oss-security@...ts.openwall.com Subject: Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Hello, On 10/01/2015 03:03 PM, Gustavo Grieco wrote: > We found a heap overflow in the gdk-pixbuf implementation triggered by the > scaling of gif file.These issues are only fixed in the recent release of > gdk-pixbuf 2.32.1 but affects older versions (we tested it in a fully > updated Ubuntu 14.04). > > These issues were found using QuickFuzz. Could you please share you fuzzed sample? Thanks, Andreas -- Andreas Stieger <astieger@...e.com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg) Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ