Date: Sun, 10 Apr 2016 10:24:23 -0400 (EDT)
From: cve-assign@...re.org
To: matthias@...lons.info
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: imlib2 - off-by-one OOB read in __imlib_MergeUpdate()

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef
> 
> -  (T(xx, y).used & T_USED) && (xx < tw); xx++, ww++);
> +  (xx < tw) && (T(xx, y).used & T_USED); xx++, ww++);
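
Review bot: in the `+` line the access `T(xx, y)` is protected only by the left-to-right short-circuit of `&&`, and nothing in the loop header says so; a one-line comment stating that `(xx < tw)` must stay first would keep a later tidy-up from swapping the operands back. The loop ends at the same `xx` in either order, because the old form still fails on `(xx < tw)` after the stray read, so a functional test would not catch a regression; a test run under a memory checker with a run of used tiles that reaches the last column (`xx == tw`) would. Other scans in the same function that index `T()` while advancing a counter are worth checking for the same operand order.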


> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818

> Invalid read of size 1
> T(xx, y) addresses one byte out of buffer
> off-by-one error due to swapped condition order

Use CVE-2016-3993.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
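
The swapped-condition off-by-one described in the quoted report, as an added example that is not part of the original message and is not imlib2 code. `struct tile`, `tile_used()`, the value of `T_USED` and the loop's starting values are assumptions; `tile_used()` stands in for the `T(xx, y)` access and counts out-of-range reads instead of performing them.

```c
#include <stddef.h>
#include <stdio.h>

#define T_USED 1                       /* flag name from the quoted patch; value assumed */
struct tile { unsigned char used; };   /* hypothetical stand-in for one tile record */

static size_t oob_reads;               /* accesses attempted with x outside [0, tw) */

/* Checked stand-in for T(xx, y) on one row: counts an out-of-range
 * access instead of performing it, so the demo itself stays defined. */
static unsigned char tile_used(const struct tile *row, int tw, int x)
{
    if (x < 0 || x >= tw) { oob_reads++; return 0; }
    return row[x].used;
}

/* Pre-fix operand order: the tile is read before xx is compared to tw. */
static int run_width_prefix(const struct tile *row, int tw, int x)
{
    int xx, ww;
    for (xx = x + 1, ww = 1;           /* starting values are assumed */
         (tile_used(row, tw, xx) & T_USED) && (xx < tw); xx++, ww++)
        ;
    return ww;
}

/* Fixed operand order: && short-circuits before the read when xx == tw. */
static int run_width_fixed(const struct tile *row, int tw, int x)
{
    int xx, ww;
    for (xx = x + 1, ww = 1;
         (xx < tw) && (tile_used(row, tw, xx) & T_USED); xx++, ww++)
        ;
    return ww;
}

int main(void)
{
    /* Constructed input: every tile is used, so the run reaches the row's edge. */
    struct tile row[4] = { {T_USED}, {T_USED}, {T_USED}, {T_USED} };
    int w = run_width_prefix(row, 4, 0);
    printf("pre-fix: width=%d oob_reads=%zu\n", w, oob_reads);
    oob_reads = 0;
    w = run_width_fixed(row, 4, 0);
    printf("fixed:   width=%d oob_reads=%zu\n", w, oob_reads);
    return 0;
}
```

Both orders return the same width, which is why the defect shows up only as an invalid read under a memory checker and only when the run of used tiles reaches the last column.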
