Date: Fri, 2 Oct 2015 13:13:39 -0400 (EDT) From: cve-assign@...re.org To: gustavo.grieco@...il.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > We found a heap overflow and a DoS in the gdk-pixbuf implementation > triggered by the scaling of tga file. These issues are only fixed in the > recent release of gdk-pixbuf 2.32.1 > > it was fixed in 2.32.0 with the 3 commits > starting with > https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d This means: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e Use CVE-2015-7673. Apparently the cause of the issue was use of heap memory after an allocation failure. The original CVE request said "< 2.32.1" and "only fixed in ... 2.32.1" but then a followup message said "fixed in 2.32.0" instead. We think the latter is correct. The entry in the 2.32.0 changelog is shown in: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=02a76ac6956ee1418da926d6f2cedb78525495b7 Responding to: > From: Kurt Seifried <kseifried@...hat.com> > Date: Thu, 1 Oct 2015 08:04:12 -0600 > > I know on our end there was some > confusion as to whether or not this is the same flaw or closely related to > https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/ CVE-2015-4491 from mfsa2015-88 has different affected versions. Also, that CVE is only for an integer overflow. If missing allocation-failure checking before ffec86ed5010c5a2be14f47b33bcf4ed3169a199 is separately exploitable, then another CVE ID could be assigned. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWDro2AAoJEL54rhJi8gl5D54QAK/Vzop01NHL5zZpZlBwzrGZ 8dLEBvFTqXPjItMwhmLGNV/R9M59T3LEtRyENG45lMyDECuKsMVoL696Q87h16+c Gweir8ZcVC19QxMBpwn4ITiXZ3JRnLgHqEZAp+6eI4zlW4GFkpyXxF3E3YR/U3mv Bace8L3FoAq9jVqgMsHdVzZWyeUpKL9FZbRDE9wsimOg1mFIrZ/ZLW5qlFDdoxVt GqbeBpr2F+8678HQh+DIaDfyLmqSj0RCO4qBtOOoQzQ9VU+JL8TvMJE2883rwVq+ +JHf81c8ABZmqYrn/oh8AMr8WggesZRd1Q/0r+Tb7/w1FGv/qPa6JsNglrOxDxT3 AEBfTUrllJpmfrX8VQFTTNecagLwPMC3s1j48lV8ZghOj3/mL4n68Tp5sV6f/b6Z olX0pqH6E5iSy8BNBtrRF7r0yLfUewqwKlvOhT04zl3M26O2RD5HYWuxSxokXtkn kUGd/zhryOX5Duz+c7HAG9ZBl26zC9BCyaSbzlo6yj3HPi+AxtQKSLxFl+dQmtIg sWgQAKn056s6BWtdTbInUIzTV86LQ7Oa00QKobcLrVHwFi2mEZIRjmdDuR3oin7M DRdB89E4SdLGFe8cIw3oG60noyRObJitB2hjSoxuUdO/ZFAbUTbgfz0b44grS/YD njkGj067RRjmWP+GKRGp =cZzu -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.