Date: Sun, 15 May 2016 09:05:03 +0200 From: Gustavo Grieco <gustavo.grieco@...il.com> To: Brian May <brian@...uxpenguins.xyz> Cc: oss-security@...ts.openwall.com, cve-assign@...re.org Subject: Re: Re: CVE requests: DoS in librsvg parsing SVGs with circular definitions 2016-05-11 0:36 GMT+02:00 Brian May <brian@...uxpenguins.xyz>: > Just did a git bisect against the source. Assuming I got this right, the > following commits fixed the issue. Thanks for taking the time to do the git bisect! > >>> They affect the following functions: >> >>> * rsvg_cairo_pop_discrete_layer - rsvg_cairo_pop_render_stack - >>> rsvg_cairo_generate_mask: reproducible using circular-1.svg >> >> Use CVE-2016-4347. > > Fixed in: > > commit a51919f7e1ca9c535390a746fbf6e28c8402dc61 > Author: Benjamin Otte <otte@...hat.com> > Date: Wed Oct 7 08:45:37 2015 +0200 > > rsvg: Add rsvg_acquire_node() > > This function does proper recursion checks when looking up resources > from URLs and thereby helps avoiding infinite loops when cyclic > references span multiple types of elements. I think CVE-2016-4347 and CVE-2015-7558 (stack exhaustion due to cyclic dependency, reported here: http://www.openwall.com/lists/oss-security/2015/12/21/5) are in fact, the same issue. This is probably my fault (sorry!). MITRE: We should reject the the newly assigned one? Regards, Gustavo.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ