Date: Sat, 10 Sep 2016 12:44:13 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: autotrace: out-of-bounds write

> with Address Sanitizer I found that each bmp you try to manage with autotrace
> causes an out-of-bounds write.
> 
> https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/

>> autotrace: heap-based buffer overflow in pstoedit_suffix_table_init (output-pstoedit.c)
>> 
>> AddressSanitizer: heap-buffer-overflow
>> WRITE of size 8

Use CVE-2016-7392.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
