Date: Wed, 26 Oct 2016 19:21:24 -0300 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Subject: CVE requests: some issues in gif2webp Hello, We recently reported some issues in gif2webp. These issues were tested in ArchLinux using libwebp 0.5.1 (recompiled with ASAN support). * NULL pointer derreference Bug report: https://bugs.chromium.org/p/webp/issues/detail?id=310 (private) Fix: https://chromium.googlesource.com/webm/libwebp/+/806f6279aef4de8deca01c8e727db4a508716e95 * Several integer overflows: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private) Fix: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 The reproducers are available upon request. Please assign CVEs if suitable. Regards, Gustavo.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ