Date: Wed, 26 Oct 2016 19:21:24 -0300 From: Gustavo Grieco <gustavo.grieco@...il.com> To: oss-security@...ts.openwall.com Subject: CVE requests: some issues in gif2webp Hello, We recently reported some issues in gif2webp. These issues were tested in ArchLinux using libwebp 0.5.1 (recompiled with ASAN support). * NULL pointer derreference Bug report: https://bugs.chromium.org/p/webp/issues/detail?id=310 (private) Fix: https://chromium.googlesource.com/webm/libwebp/+/806f6279aef4de8deca01c8e727db4a508716e95 * Several integer overflows: Report: https://bugs.chromium.org/p/webp/issues/detail?id=314 (private) Fix: https://chromium.googlesource.com/webm/libwebp/+/e2affacc35f1df6cc3b1a9fa0ceff5ce2d0cce83 The reproducers are available upon request. Please assign CVEs if suitable. Regards, Gustavo.
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.