Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 11 Apr 2016 00:39:01 -0400 (EDT)
From: cve-assign@...re.org
To: matthias@...lons.info
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: imlib2 - potential divide-by-zero in imlib_image_draw_ellipse

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> please provide a CVE ID for this issue in imlib2:
> 
> https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882

>> Attempting to draw a 2x1 ellipse with e.g. imlib_image_draw_ellipse(x, y, 2, 1) causes a divide-by-zero.

> Debian bug report from 2011:
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=639414

>> this bug has minor security implications (DoS for 
>> applications that issue draw command based on untrusted input).

Use CVE-2011-5326.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXCyibAAoJEL54rhJi8gl5VRgP/ipfgG1QiVj0ZOxfVHta2T3t
yeIEMjWLpG9zFo1rGmJyDN/h0+UG/JSOQzM87l11INxceeUjHdN9FFSTDk3bN0rY
r9a1rUwrPUc/CV8F9Y90lA6AQ69pwj73mf3ylu66H5C5wWBo5ZNvjyqxvNaInIgO
o5SAKeiNMUdfjPryIK47GtBR/xp48Sl0GbG8S8GzYrhpA/lze39QG5RdmzYLJVWd
ktMlt5jE+oomypwtiJpe+MvpXHHu92AaVbZ6xnmk3Gv5/dttumU47xXLjAHCmz2i
cXJe4BVkB5hXWlQmg49V05Muivaec84blpN+OyRDfCnqWRp2dP6yBiWFBOJ/7KDX
zcWagbUHUoHR2GefHt9FSkiI65J/HINYYefhpSrNZK9gJxiE/ouJQXMyFV3eNvWm
IBGjoXR4wMcjuhx9W2bwRwTa9ILmWq375UVWm137cwOa/0QF0vo06qnFeuogtWlb
+OwV6m8/J+KZAYDQKR3viKOCTJGiUl/bB5CKdAGHpdXR1vbRqkydhc4tuLuQ64tn
fLXLdpAFDl/xGkRxcJu+7Ww7QHTvwH2daTfcVfzYQ8SSFuOWDx5ii31CPr1BkoOl
PcInntz6lAXdpgjqMaRUyP1QAD60H/la9/N6j2k4w1JN3EKKGsaZrQPhgN9aNNs2
8v8DY7QKNuVdyqT8idPB
=/w1g
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ