Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 17 Mar 2016 14:27:54 -0400 (EDT)
From: cve-assign@...re.org
To: gustavo.grieco@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: [cairo] Out-of-bounds read in _fill_xrgb32_lerp_opaque_spans

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> There is an out-of-bounds read in _fill_xrgb32_lerp_opaque_spans in cairo
> (crashing software that parses and renderizes a svg, for instance).
> 
> https://mail.gnome.org/archives/gnome-announce-list/2015-March/msg00047.html
> 
>   * Fix crash in _fill_xrgb32_lerp_opaque_spans when a span length is
>     negative.
> 
> https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934

Use CVE-2016-3190.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJW6va/AAoJEL54rhJi8gl55wMP+wdDN0WUoBXS6Yt/8taiUQu6
iMKjMjEYZgd9vEgywQSRwmU4gEdAHWYDI23kKxNifiRAnSpyKeAKk31Y4NFxUMqu
bNsqmKVNNSZpC05K7mw3Akqng0EnZDS3p+Kxbbu5N8w8h/1CcHxlxnmYMf2qJ0zH
f5pn9bUskiWwL+WnxreqfrDR+x4iaixCfA8H52eyctb/6IeJc3awUTLkVYPtFEdK
xoPqhcZThFy5W+LVtP/+XXulFKoYPGGBkcolh6rurnhygmaZtrXe1NjtSR+Eb1qt
oPa2XiB5gofaXxtxq+QZmy2hQX+YKh+xoeAbpG/s8UPjOKi337BCw9jQlJGQzGpv
OoGDqc/F3rS11Wj5OGfTIoxGP7xkgZp9Zlgk38V3FaPbYnC/juzW6OQIozi/64Br
qF7h9cKl7QVQ+s1dqcAzuUk9ikpMy3tAV1OU+qexShBHPCwVn4/WSJ2H4PU3X/Bh
PHVwuFfoFWUrVqKsGKREsLpGIWxe8loEtFF4MjubSVMnhUUbpaQcli9ILy/yPC7G
QFVB6PklecJQ56k1Rk3eV5IFiAN3HDfT08shv1jWVHeVsOCWRCmGNKJdJKH2oL23
X8JvWB6R9fqMbjTb3krde1xe59vRsZzGRtjaPWwbqEmYOIsPyPIw6pQZP7GyJvC2
bRx6I2/qIfvVIUcsImnq
=DUiy
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ