Date: Tue, 9 Feb 2016 19:20:05 -0800
From: Seth Arnold <>
Subject: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint,

Hello MITRE, all,

Virgil Grigoras and Vlad Orlov discovered an integer overflow flaw in
gtk+2.0 in image handling:

Bert Massop discovered the same issue in the gtk+3.0 codebase:

The fix replaces a direct height * cairo_stride multiplication with a call
to g_malloc_n() which knows how to multiply correctly:

-  cairo_pixels = g_malloc (height * cairo_stride);
+  cairo_pixels = g_malloc_n (height, cairo_stride);
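
Review bot: g_malloc_n() on the added line aborts the process when the product overflows or the allocation fails, so an oversized image still terminates the application instead of being rejected. If the caller can report failure, g_try_malloc_n (height, cairo_stride) with a NULL check would let it fail cleanly. The declarations of height and cairo_stride are outside this hunk; if they are signed, a check that both are non-negative before the call is worth adding, since the arguments are converted to gsize.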

This same bug appears to be copy-and-pasted to at least:
eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0*%20cairo_stride/page_0

I haven't been able to find CVEs assigned for any of these issues.


Related links:*%20cairo_stride/page_0
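
The multiplication problem described in the message, as an added C example that is not part of the original post or of the GTK source. It assumes both operands are 32-bit ints (the message does not show their types); the function names are hypothetical and the dimensions are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Byte count the unchecked `height * cairo_stride` pattern yields when both
 * operands are 32-bit ints (assumed; the message does not show their types).
 * The wrap is modelled in unsigned arithmetic because signed overflow is
 * undefined behaviour in C. */
size_t unchecked_size(int height, int stride)
{
    uint64_t full = (uint64_t)(uint32_t)height * (uint32_t)stride;
    return (size_t)(uint32_t)full;          /* keep only the low 32 bits */
}

/* Overflow-checked multiply on size_t: returns 0 and stores the product,
 * or -1 when a * b does not fit. */
int checked_mul(size_t a, size_t b, size_t *out)
{
    if (b != 0 && a > SIZE_MAX / b)
        return -1;
    *out = a * b;
    return 0;
}

/* Hypothetical helper: size of a pixel buffer, rejecting negative
 * dimensions before they are converted to a huge unsigned value. */
int pixel_buffer_size(int height, int stride, size_t *out)
{
    if (height < 0 || stride < 0)
        return -1;
    return checked_mul((size_t)height, (size_t)stride, out);
}

int main(void)
{
    size_t n = 0;
    /* Constructed dimensions: 65536 rows of 65536 bytes = 2^32 bytes. */
    printf("unchecked: %zu bytes\n", unchecked_size(65536, 65536));
    if (pixel_buffer_size(65536, 65536, &n) == 0)
        printf("checked:   %zu bytes\n", n);
    else
        printf("checked:   rejected (product exceeds SIZE_MAX)\n");
    return 0;
}
```

With the constructed dimensions the unchecked size wraps to 0 bytes, while the checked path either returns the full 2^32 or rejects the request when size_t is 32 bits wide.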
