Date: Tue, 15 May 2012 09:47:25 -0400
From: Eitan Adler <lists@eitanadler.com>
To: gnome@freebsd.org
Cc: ports-security@freebsd.org
Subject: Fwd: [oss-security] CVE Request: gdk-pixbuf Integer overflow in XBM file loader
Message-ID: <CAF6rxg=JMUi8mNqO%2BWHCi52brin_0wcZvOu2LNcmXz=jcx_tEw@mail.gmail.com>
In-Reply-To: <4FB242F6.2090506@gentoo.org>

A port you maintain may be insecure. Please update the port and write up a VuXML notice.

---------- Forwarded message ----------
From: Sean Amoss <ackle@gentoo.org>
Date: 15 May 2012 07:50
Subject: [oss-security] CVE Request: gdk-pixbuf Integer overflow in XBM file loader
To: oss-security@lists.openwall.com

Hello,

I have not seen a CVE assigned for this issue yet:

"It's possible to crash any application with memory allocation error, or potentially corrupt heap because width/height parameters isn't properly verified."

References:
https://bugs.gentoo.org/show_bug.cgi?id=412033
https://bugs.launchpad.net/ubuntu/+source/gdk-pixbuf/+bug/681150

Upstream bug:
https://bugzilla.gnome.org/show_bug.cgi?id=672811

Upstream commit:
http://git.gnome.org/browse/gdk-pixbuf/commit/?id=4f0f465f991cd454d03189497f923eb40c170c22

Thanks,
Sean

--
Sean Amoss
Gentoo Security | GLSA Coordinator
E-Mail : ackle@gentoo.org
GnuPG ID : E928357A
GnuPG FP : E58A AABD DD2D 03AF 0A7A 2F14 1877 72EC E928 357A

--
Eitan Adler
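The description quoted in the message above concerns width/height values that reach an allocation size without being verified. As an added illustration (not gdk-pixbuf code and not the upstream commit), the C below validates the dimensions of an XBM-style header before computing the bitmap size; `xbm_buffer_size`, `parse_dim`, `naive_size32` and the `XBM_MAX_DIM` limit are hypothetical names and values chosen for this example.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XBM_MAX_DIM 32767L /* assumed policy limit for this example */

/* Unchecked 32-bit arithmetic, for contrast: the product silently wraps. */
uint32_t naive_size32(uint32_t w, uint32_t h)
{
    return ((w + 7) / 8) * h;
}

/* Read the integer after e.g. "_width "; accept only 1..XBM_MAX_DIM. */
static int parse_dim(const char *hdr, const char *suffix, long *out)
{
    const char *p = strstr(hdr, suffix);
    char *end;
    long v;
    if (p == NULL)
        return -1;
    p += strlen(suffix);
    errno = 0;
    v = strtol(p, &end, 10);
    if (end == p || errno == ERANGE || v <= 0 || v > XBM_MAX_DIM)
        return -1;
    *out = v;
    return 0;
}

/* Return 0 and the bitmap size in bytes, or -1 if the header is unsafe. */
int xbm_buffer_size(const char *hdr, size_t *size)
{
    long w, h;
    if (parse_dim(hdr, "_width ", &w) != 0 || parse_dim(hdr, "_height ", &h) != 0)
        return -1;
    size_t row = ((size_t)w + 7) / 8; /* XBM packs 8 pixels per byte */
    if (row > SIZE_MAX / (size_t)h)   /* product would not fit in size_t */
        return -1;
    *size = row * (size_t)h;
    return 0;
}

int main(void)
{
    size_t n = 0; /* constructed header below, not taken from a real file */
    int rc = xbm_buffer_size("#define t_width 16\n#define t_height 16\n", &n);
    printf("rc=%d size=%zu naive(524288x65536)=%u\n", rc, n, (unsigned)naive_size32(524288u, 65536u));
    return 0;
}
```

The `naive_size32` case shows why the range check matters: a 524288 x 65536 header yields a computed size of 0 in 32-bit arithmetic, so a loader that trusted it would allocate far less than it later writes.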
