Date: Mon, 11 Apr 2016 19:37:51 +0200 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Subject: Large amount of uninitialized values in svg parsing and processing Hi, A large amount of uninitialized values in the parsing and processing of svg files using librsvg and related libraries (e.g, libcairo) are causing undefined behaviors. Some of these issues are originated in librsvg, some in libcairo and others (libpixman maybe). Some relevant technical details are available here: https://bugs.freedesktop.org/show_bug.cgi?id=92904 As a result of this, just browsing svg files using the open dialog of Firefox/Chromium can lead to unexpected or undefined behavior. Other applications using librsvg are likely affected. Regards, Gus.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ