Date: Thu, 20 Aug 2015 00:50:19 +0200 From: "Pengsu Cheng" <pcheng@....com> To: oss-security@...ts.openwall.com Subject: CVE request: libgpf: use-after-free vulnerability in Decoder.cpp Name : libpgf Affected Version: <= 7.15.25 URL : http://www.libpgf.org Summary : PGF (Progressive Graphics File) library Description : libPGF contains an implementation of the Progressive Graphics File (PGF) which is a new image file format, that is based on a discrete, fast wavelet transform with progressive coding features. PGF can be used for lossless and lossy compression. An use-after-free issue in Decoder.cpp was reported to upstream. The problem is due to lack of validation of ColorTableSize. The bug was fixed by upstream: https://sourceforge.net/p/libpgf/code/147/ https://sourceforge.net/p/libpgf/code/148/ References:  Bug #1251749 - Use-after-free bug in Decoder.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1251749  https://admin.fedoraproject.org/updates/FEDORA-2015-13336/libpgf-6.14.12-4.fc23
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.