oss-sec mailing list archives
Re: librsvg and cairo are causing libpng to write out-of-bounds
From: cve-assign () mitre org
Date: Thu, 27 Oct 2016 02:44:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
A patch was recently proposed: https://bugs.freedesktop.org/attachment.cgi?id=127421 thanks to John Bowler and his detailed analysis of this issue: https://bugs.freedesktop.org/show_bug.cgi?id=98165 Can we have a CVE, now that we know it was an integer overflow and we have a patch?
Yes, use CVE-2016-9082 for everything fixed by attachment.cgi?id=127421. Our understanding is that cairo is the primary affected product. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJYEaIXAAoJEHb/MwWLVhi2F84P/RGLhyp408cPps8/bkAIzpL5 zJ8/+sqWYlVfYt+Mwcd4InGIzxHhaBRtPbX7c8FsWRhySib7QRadPdnp4U9xUNXP o7Z4kV55WIaJhqo5soJT0kMBoI+itrktfJHFsyWnX3KGPvrsc+lembzQ0313Bw8f G8KSmcSIfEBChOPdqezTsVHggDpwPdmXjBrNrd44WbQJA95oUz9dr9VPknSX52Bw eBUJRuZ19EV3qlwaw0zrZcme1oqReyELGj8LRBLXGIbEbKfX9azjnHefWJXQW8qr N3iWWoKSHe2RMo61FcG0T75AVF+A8SCsnbrWsmR4tDMmV98KNqdEoBZmvqH0wrBH 1A3pfvLYE4b9y6IsuWOjSvncvnxaWjHL+U0Vl7ndvHjWUWx6FTXkNLy6+YtxOu7D wTfMhCSjaXtGoQS6yXYTJlHO1iFE9E3b/7p7Bn/Wgztba78OUUZQyVf4+jT49YQg dO3OlSx0piN/VSg3ow6+YBHcN9Hr4abgRjFQD9stw2Ski8AOnGZ6vAn5XYqP9xLG xbWdGECCFX3WlTrQwW/2yKV4B1QndNeqvnhYFTEKNxePPI4236mTHC49mP64SFVG qALbGd+izC6KRtK1TG6jmFze8wQ1zyfCg3pWd0wottDwoSDOIkUGLv+6U5Cpqz6O nve18XRyf0Tm9+hQQ8/X =3wl0 -----END PGP SIGNATURE-----
Current thread:
- librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco (Oct 05)
- Re: librsvg and cairo are causing libpng to write out-of-bounds Glenn Randers-Pehrson (Oct 06)
- <Possible follow-ups>
- Re: librsvg and cairo are causing libpng to write out-of-bounds John Bowler (Oct 06)
- Re: Re: librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco (Oct 26)
- Re: librsvg and cairo are causing libpng to write out-of-bounds cve-assign (Oct 26)
- Re: Re: librsvg and cairo are causing libpng to write out-of-bounds Gustavo Grieco (Oct 26)