Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 5 Oct 2015 12:28:06 +0200
From: Andreas Stieger <astieger@...e.com>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: Heap overflow with a gif file in
 gdk-pixbuf < 2.32.1

Hello,

On 10/01/2015 03:03 PM, Gustavo Grieco wrote:
> We found a heap overflow in the gdk-pixbuf implementation triggered by the
> scaling of gif file.These issues are only fixed in the recent release of
> gdk-pixbuf 2.32.1 but affects older versions (we tested it in a fully
> updated Ubuntu 14.04).
>
> These issues were found using QuickFuzz.

Could you please share you fuzzed sample?

Thanks,
Andreas

-- 
Andreas Stieger <astieger@...e.com>
Project Manager Security
SUSE Linux GmbH, GF: Felix Imend├Ârffer, Jane Smithard, Graham Norton, HRB 21284 (AG N├╝rnberg)



Download attachment "signature.asc" of type "application/pgp-signature" (802 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ