Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Tue,  5 Jul 2016 18:37:54 -0400 (EDT)
From: cve-assign@...re.org
To: carnil@...ian.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request: libgd: global out of bounds read when encoding gif from malformed input with gd2togif

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The following (older) issue in libgd's issue tracker can be found,
> with possible security impact for applications using the libgd
> library. If I see it correctly this is not an issue in the gd2togif
> utility but in the library. It was reported upstream as:
> 
> https://github.com/libgd/libgd/issues/209
> 
> with the fix
> 
> https://github.com/libgd/libgd/commit/82b80dcb70a7ca8986125ff412bceddafc896842 (gd-2.2.0)

>> a global out of bounds read error in the function output (gd_gif_out.c), called by compress/GifEncode.
>> 
>> AddressSanitizer: global-buffer-overflow
>> READ of size 8

>> gif: avoid out-of-bound reads of masks array #209
>> 
>> When given invalid inputs, we might be fed the EOF marker before it is
>> actually the EOF. The gif logic assumes once it sees the EOF marker,
>> there won't be any more data, so it leaves the cur_bits index possibly
>> negative. So when we get more data, we underflow the masks array.

Use CVE-2016-6161.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXfDSTAAoJEHb/MwWLVhi291kP/0mIr94IjDU3rIIqgymCSiz9
m5TKKASC1ICrj8uGWJevV0Vgis/XOLsnq89r7wPYBBpRn1h8HnSpHsjCCT6vlVUS
ljg0+xmu4jzA9mDWWqlXGJogovThM+nlDVRLLyb7yxEVV1XKZ5AzVoZ8oZBEkETW
hyDaCguy6vvcf5iWiwQU+cy2yM0b4RPs4w6yAgfgGx6I3C4WwDWQgDH+Ps8TS520
3Rf/3r+iPP6OVosoUIDBrJdUwXfmFtj4iMPi3akWHkj9r8Z0LoGRw5OOOWp6zPNS
ud1qzKTKFRSkoiFfSk2/5kn3mGm6NcOIr8liOI/KKSzLNPHk9LEWJXcp6Pm9AePD
vBO+YNpjgvttj4a9ipaiujfn1FL+bU0qKFOjp0/VXEwp5G14tvf/6TJ7SubDQ/gL
FDvM2AUNqRunHdvpy2vp6oX72dcbHlgAvwPAB0okKnhqHPafQkLcnpTUTD57WR0d
WyLC4Klxo3VgkspOVQQDXILZiWMsextr++qn3A9MTHoYfk2/hRCnJKvrHKMKyOFI
5+Oc0WwYY3o5gzcCqCY/RBIM5KT2c1bpLydNt7qEDVzwMl1qLOCQVmgKi0vyYeWl
mBCRCvnTOBLBNFil0t3YIobAGAsp15dskqugLXvLgphqyrPLyBsC/y1iM87OUs0j
O5Dvc/nzWsBu5TRltQAF
=pdF0
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ