Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 9 Feb 2016 19:20:05 -0800
From: Seth Arnold <>
Subject: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint,

Hello MITRE, all,

Virgil Grigoras and Vlad Orlov discovered an integer overflow flaw in
gtk+2.0 in image handling:

Bert Massop discovered the same issue in the gtk+3.0 codebase:

The fix replaces a direct height * cairo_stride multiplication with a call
to g_malloc_n() which knows how to multiply correctly:

-  cairo_pixels = g_malloc (height * cairo_stride);
+  cairo_pixels = g_malloc_n (height, cairo_stride);

This same bug appears to be copy-and-pasted to at least:
eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0*%20cairo_stride/page_0

I haven't been able to find CVEs assigned for any of these issues.


Related links:*%20cairo_stride/page_0

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.