Date: Thu, 6 Oct 2016 17:02:16 -0700 From: John Bowler <john.cunningham.bowler@...il.com> To: oss-security@...ts.openwall.com Subject: Re: librsvg and cairo are causing libpng to write out-of-bounds The bug is not specific to librsvg. This instance happens in write_png inside cairo-png.c, but the actual bug is elsewhere. Other exploits probably exist using things other than PNG and SVG. I think this needs to be CVE'ed immediately. -- John Bowler <john.cunningham.bowler@...il.com> +1 (541) 450-9885 PO BOX 3151 KERBY OR 97531-3151 USA
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.