Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 6 Oct 2016 17:02:16 -0700
From: John Bowler <john.cunningham.bowler@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: librsvg and cairo are causing libpng to write out-of-bounds

The bug is not specific to librsvg.  This instance happens in
write_png inside cairo-png.c, but the actual bug is elsewhere.  Other
exploits probably exist using things other than PNG and SVG.  I think
this needs to be CVE'ed immediately.

-- 
John Bowler <john.cunningham.bowler@...il.com>
+1 (541) 450-9885
PO BOX 3151
KERBY OR 97531-3151
USA

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ