Date: Sun, 10 Apr 2016 10:21:59 -0400 (EDT)
From: cve-assign@...re.org
To: matthias@...lons.info
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: imlib2 integer overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f2993d7ccb73b26bb83abac6fa86f443981f9
> 
> Make IMAGE_DIMENSIONS_OK() more restrictive
> Prevents invalid reads and unreasonably large memory allocations

> Invalid read of size 1


> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820206
> imlib2: potentially exploitable integer overflows


> https://bugzilla.redhat.com/show_bug.cgi?id=1324774
> imlib2: exploitable integer overflow in _imlib_SaveImage

Use CVE-2014-9771.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
