oss-sec mailing list archives
Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1
From: cve-assign () mitre org
Date: Fri, 2 Oct 2015 13:13:39 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
We found a heap overflow and a DoS in the gdk-pixbuf implementation triggered by the scaling of tga file. These issues are only fixed in the recent release of gdk-pixbuf 2.32.1 it was fixed in 2.32.0 with the 3 commits starting with https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
This means: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e Use CVE-2015-7673. Apparently the cause of the issue was use of heap memory after an allocation failure. The original CVE request said "< 2.32.1" and "only fixed in ... 2.32.1" but then a followup message said "fixed in 2.32.0" instead. We think the latter is correct. The entry in the 2.32.0 changelog is shown in: https://git.gnome.org/browse/gdk-pixbuf/commit/?id=02a76ac6956ee1418da926d6f2cedb78525495b7 Responding to:
From: Kurt Seifried <kseifried () redhat com> Date: Thu, 1 Oct 2015 08:04:12 -0600 I know on our end there was some confusion as to whether or not this is the same flaw or closely related to https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
CVE-2015-4491 from mfsa2015-88 has different affected versions. Also, that CVE is only for an integer overflow. If missing allocation-failure checking before ffec86ed5010c5a2be14f47b33bcf4ed3169a199 is separately exploitable, then another CVE ID could be assigned. - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJWDro2AAoJEL54rhJi8gl5D54QAK/Vzop01NHL5zZpZlBwzrGZ 8dLEBvFTqXPjItMwhmLGNV/R9M59T3LEtRyENG45lMyDECuKsMVoL696Q87h16+c Gweir8ZcVC19QxMBpwn4ITiXZ3JRnLgHqEZAp+6eI4zlW4GFkpyXxF3E3YR/U3mv Bace8L3FoAq9jVqgMsHdVzZWyeUpKL9FZbRDE9wsimOg1mFIrZ/ZLW5qlFDdoxVt GqbeBpr2F+8678HQh+DIaDfyLmqSj0RCO4qBtOOoQzQ9VU+JL8TvMJE2883rwVq+ +JHf81c8ABZmqYrn/oh8AMr8WggesZRd1Q/0r+Tb7/w1FGv/qPa6JsNglrOxDxT3 AEBfTUrllJpmfrX8VQFTTNecagLwPMC3s1j48lV8ZghOj3/mL4n68Tp5sV6f/b6Z olX0pqH6E5iSy8BNBtrRF7r0yLfUewqwKlvOhT04zl3M26O2RD5HYWuxSxokXtkn kUGd/zhryOX5Duz+c7HAG9ZBl26zC9BCyaSbzlo6yj3HPi+AxtQKSLxFl+dQmtIg sWgQAKn056s6BWtdTbInUIzTV86LQ7Oa00QKobcLrVHwFi2mEZIRjmdDuR3oin7M DRdB89E4SdLGFe8cIw3oG60noyRObJitB2hjSoxuUdO/ZFAbUTbgfz0b44grS/YD njkGj067RRjmWP+GKRGp =cZzu -----END PGP SIGNATURE-----
Current thread:
- CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
- Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Kurt Seifried (Oct 01)
- Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
- Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Andreas Stieger (Oct 05)
- Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 05)
- Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
- Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 Kurt Seifried (Oct 01)
- Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1 cve-assign (Oct 02)