Date: Mon, 11 Apr 2016 19:37:51 +0200
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: Large amount of uninitialized values in svg parsing and processing

Hi,

A large number of uninitialized values in the parsing and processing of svg
files using librsvg and related libraries (e.g., libcairo) are causing
undefined behaviors. Some of these issues originate in librsvg, some
in libcairo and others (libpixman maybe). Some relevant technical details
are available here:

https://bugs.freedesktop.org/show_bug.cgi?id=92904

As a result of this, just browsing svg files using the open dialog of
Firefox/Chromium can lead to unexpected or undefined behavior. Other
applications using librsvg are likely affected.

Regards,
Gus.
