Date: Sun, 10 Apr 2016 10:25:41 -0400 (EDT)
From: cve-assign@...re.org
To: matthias@...lons.info
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: imlib2 - GIF loader: OOB read

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
> GIF loader: Fix out-of-bound reads from colormap


> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369
> libimlib2: GIF loader: out-of-bounds read

> Invalid read of size 1
> 
> cmap->Colors gets accessed on index 8, but just 0 to 3 would be valid
> 
> security implications (DoS and potential host memory exposure)

Use CVE-2016-3994.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
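
Added example, not part of the original message and not imlib2's or giflib's own code: a minimal C model of the bug class in the report, where a pixel's palette index (8) exceeds the colormap size (4 entries, valid indices 0 to 3). The type and function names and the opaque-black fallback are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical stand-ins for a GIF decoder's palette types. */
typedef struct { uint8_t r, g, b; } rgb_t;
typedef struct { int count; const rgb_t *colors; } colormap_t;

#define FALLBACK_ARGB 0xFF000000u   /* assumed policy: opaque black */

/* Convert n palette indices to 0xAARRGGBB. Every index is checked against
 * cmap->count before colors[] is touched; returns how many were rejected. */
size_t row_to_argb(const colormap_t *cmap, const uint8_t *idx, size_t n,
                   uint32_t *out)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (cmap == NULL || cmap->colors == NULL || idx[i] >= cmap->count) {
            out[i] = FALLBACK_ARGB;   /* never read past the colormap */
            rejected++;
            continue;
        }
        const rgb_t *c = &cmap->colors[idx[i]];
        out[i] = 0xFF000000u | ((uint32_t)c->r << 16) | ((uint32_t)c->g << 8) | c->b;
    }
    return rejected;
}

/* Constructed sample: a 4-entry colormap and a row containing index 8,
 * the case from the report (only 0 to 3 are valid). */
static const rgb_t sample_colors[4] = {
    {0x00, 0x00, 0x00}, {0xFF, 0x00, 0x00}, {0x00, 0xFF, 0x00}, {0x00, 0x00, 0xFF}
};
static const uint8_t sample_row[4] = {1, 3, 8, 2};
static uint32_t sample_out[4];

size_t convert_sample(void)
{
    colormap_t cmap = { 4, sample_colors };
    return row_to_argb(&cmap, sample_row, 4, sample_out);
}

int main(void)
{
    size_t rejected = convert_sample();
    for (size_t i = 0; i < 4; i++)
        printf("index %u -> 0x%08X\n", (unsigned)sample_row[i], (unsigned)sample_out[i]);
    printf("rejected: %zu\n", rejected);
    return 0;
}
```

A decoder could equally reject the whole image when the rejected count is non-zero; the point is that the index is validated against the colormap size before the lookup.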
