oss-sec mailing list archives
Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd
From: Gustavo Grieco <gustavo.grieco () gmail com>
Date: Wed, 13 Jul 2016 14:35:07 +0200
Another read out-of-bounds was found in the process of fixing CVE-2016-6132. Details are here: https://github.com/libgd/libgd/issues/247#issuecomment-232084241 In fact, the libgd developers confirmed that this issue is not the same as CVE-2016-6132. Please assign a CVE if suitable. Fortunately, both issues are fixed now. Thanks! 2016-06-30 17:48 GMT+02:00 <cve-assign () mitre org>:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256A read out-of-bands was found in the parsing of TGA files using the last revision of libgd (a6a0e7f) but older versions can be affected. A reproducer and some technical details are available here: https://github.com/libgd/libgd/issues/247AddressSanitizer: heap-buffer-overflow ... READ of size 4 ... in gdImageCreateFromTgaCtxUse CVE-2016-6132 for this buffer over-read issue. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXdT8ZAAoJEHb/MwWLVhi2SjkQAIges7jISzaEMV4SPSu9Di8B 4re9gzln2m8wIKQ3c9NLFGp5lR8fWCx73vSguwBUWVPBFCJZntup5rZlX/rq9P3+ fFmMhM8g+lsDczm5bNhqUp3lQbSGzts/gPMUbEWlKYKX4sNRdwzlIoxiHq2NxwcB ue/Ci1nNDkL2ykvfJA8z3twOm9kFu/qMY+CG6oZ5wA6HSRiRb7kxYCmUd1HMlDKb JOhjyJ+qMKwAaQbQKMERSOz03tvzCzCgZvmUOjtd0lsk7a/E1Q3wwPWJ8+wyBbdw DZalq2JBQyFNkQ/sy9NGWpya1OSLiuly7xwH+qOGuFmxlXpB87UWq1Mkq6+Hfib5 0pq4cKvdM3gBe1k1lXMAVxikTamvnLizMmRz+tcwHFoGCQoSTwuIegBst3vx9yIJ 7QEiq1ergZTJEpMoG6EtxBSsOejSfhWmRYkcGkaCusYrDdT2WXFly7zWAQtnL5qT 7X5QcpuYs/in7C0rY3UoJqOsDX7cO8b21g16Ya3pGyFjX5DIUr/ZPqSF2GcB6jXn /rPyeSvv1py40HWsvx8ZUQND9rgGn2g5CPIfEkYapp6IAYtJgA96jIORfuui4lEp +PAKIvn5LVsdAMcoq50RdOpCqD9VRjA1B6EgtZsjUs1bDsdB7qujm+wBIsu9vkGo qhxbyEP0bA9VFaM6jxMO =BZV9 -----END PGP SIGNATURE-----
Current thread:
- Re: CVE Request: A read out-of-bands was found in the parsing of TGA files using libgd Gustavo Grieco (Jul 13)