Date: Sat, 10 Sep 2016 12:44:13 -0400 (EDT)
From: cve-assign@...re.org
To: ago@...too.org
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: autotrace: out-of-bounds write

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> with Address Sanitizer I found that each bmp you try to manage with autotrace
> causes an out-of-bounds write.
> 
> https://blogs.gentoo.org/ago/2016/09/10/autotrace-heap-based-buffer-overflow-in-pstoedit_suffix_table_init-output-pstoedit-c/

>> autotrace: heap-based buffer overflow in pstoedit_suffix_table_init (output-pstoedit.c)
>> 
>> AddressSanitizer: heap-buffer-overflow
>> WRITE of size 8

Use CVE-2016-7392.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
