![]() |
|
Date: Wed, 13 Jul 2016 14:35:07 +0200 From: Gustavo Grieco <gustavo.grieco@...il.com> To: cve-assign@...re.org Cc: oss-security@...ts.openwall.com Subject: Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd Another read out-of-bounds was found in the process of fixing CVE-2016-6132. Details are here: https://github.com/libgd/libgd/issues/247#issuecomment-232084241 In fact, the libgd developers confirmed that this issue is not the same as CVE-2016-6132. Please assign a CVE if suitable. Fortunately, both issues are fixed now. Thanks! 2016-06-30 17:48 GMT+02:00 <cve-assign@...re.org>: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > >> A read out-of-bands was found in the parsing of TGA files using the >> last revision of libgd (a6a0e7f) but older versions can be affected. A >> reproducer and some technical details are available here: >> >> https://github.com/libgd/libgd/issues/247 > >>> AddressSanitizer: heap-buffer-overflow ... >>> READ of size 4 >>> ... in gdImageCreateFromTgaCtx > > Use CVE-2016-6132 for this buffer over-read issue. > > - -- > CVE Assignment Team > M/S M300, 202 Burlington Road, Bedford, MA 01730 USA > [ A PGP key is available for encrypted communications at > http://cve.mitre.org/cve/request_id.html ] > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAEBCAAGBQJXdT8ZAAoJEHb/MwWLVhi2SjkQAIges7jISzaEMV4SPSu9Di8B > 4re9gzln2m8wIKQ3c9NLFGp5lR8fWCx73vSguwBUWVPBFCJZntup5rZlX/rq9P3+ > fFmMhM8g+lsDczm5bNhqUp3lQbSGzts/gPMUbEWlKYKX4sNRdwzlIoxiHq2NxwcB > ue/Ci1nNDkL2ykvfJA8z3twOm9kFu/qMY+CG6oZ5wA6HSRiRb7kxYCmUd1HMlDKb > JOhjyJ+qMKwAaQbQKMERSOz03tvzCzCgZvmUOjtd0lsk7a/E1Q3wwPWJ8+wyBbdw > DZalq2JBQyFNkQ/sy9NGWpya1OSLiuly7xwH+qOGuFmxlXpB87UWq1Mkq6+Hfib5 > 0pq4cKvdM3gBe1k1lXMAVxikTamvnLizMmRz+tcwHFoGCQoSTwuIegBst3vx9yIJ > 7QEiq1ergZTJEpMoG6EtxBSsOejSfhWmRYkcGkaCusYrDdT2WXFly7zWAQtnL5qT > 7X5QcpuYs/in7C0rY3UoJqOsDX7cO8b21g16Ya3pGyFjX5DIUr/ZPqSF2GcB6jXn > /rPyeSvv1py40HWsvx8ZUQND9rgGn2g5CPIfEkYapp6IAYtJgA96jIORfuui4lEp > +PAKIvn5LVsdAMcoq50RdOpCqD9VRjA1B6EgtZsjUs1bDsdB7qujm+wBIsu9vkGo > qhxbyEP0bA9VFaM6jxMO > =BZV9 > -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.