Date: Mon, 11 Apr 2016 19:37:51 +0200
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: Large amount of uninitialized values in svg parsing and processing

Hi,

A large number of uninitialized values in the parsing and processing of svg
files using librsvg and related libraries (e.g., libcairo) are causing
undefined behavior. Some of these issues originate in librsvg, some
in libcairo and others (libpixman maybe). Some relevant technical details
are available here:

https://bugs.freedesktop.org/show_bug.cgi?id=92904

As a result of this, just browsing svg files using the open dialog of
Firefox/Chromium can lead to unexpected or undefined behavior. Other
applications using librsvg are likely affected.

Regards,
Gus.
