oss-sec mailing list archives
CVE request: libgpf: use-after-free vulnerability in Decoder.cpp
From: "Pengsu Cheng" <pcheng () gmx com>
Date: Thu, 20 Aug 2015 00:50:19 +0200
Name : libpgf Affected Version: <= 7.15.25 URL : http://www.libpgf.org Summary : PGF (Progressive Graphics File) library Description : libPGF contains an implementation of the Progressive Graphics File (PGF) which is a new image file format, that is based on a discrete, fast wavelet transform with progressive coding features. PGF can be used for lossless and lossy compression. An use-after-free issue in Decoder.cpp was reported to upstream. The problem is due to lack of validation of ColorTableSize. The bug was fixed by upstream: https://sourceforge.net/p/libpgf/code/147/ https://sourceforge.net/p/libpgf/code/148/ References: [1] Bug #1251749 - Use-after-free bug in Decoder.cpp https://bugzilla.redhat.com/show_bug.cgi?id=1251749 [2] https://admin.fedoraproject.org/updates/FEDORA-2015-13336/libpgf-6.14.12-4.fc23
Current thread:
- CVE request: libgpf: use-after-free vulnerability in Decoder.cpp Pengsu Cheng (Aug 19)
- Re: CVE request: libgpf: use-after-free vulnerability in Decoder.cpp cve-assign (Aug 25)