oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: librsvg and cairo are causing libpng to write out-of-bounds

From: cve-assign () mitre org
Date: Thu, 27 Oct 2016 02:44:53 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


A patch was recently proposed:

https://bugs.freedesktop.org/attachment.cgi?id=127421

thanks to John Bowler and his detailed analysis of this issue:

https://bugs.freedesktop.org/show_bug.cgi?id=98165

Can we have a CVE, now that we know it was an integer overflow and we have
a patch?


Yes, use CVE-2016-9082 for everything fixed by
attachment.cgi?id=127421. Our understanding is that cairo is the
primary affected product.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJYEaIXAAoJEHb/MwWLVhi2F84P/RGLhyp408cPps8/bkAIzpL5
zJ8/+sqWYlVfYt+Mwcd4InGIzxHhaBRtPbX7c8FsWRhySib7QRadPdnp4U9xUNXP
o7Z4kV55WIaJhqo5soJT0kMBoI+itrktfJHFsyWnX3KGPvrsc+lembzQ0313Bw8f
G8KSmcSIfEBChOPdqezTsVHggDpwPdmXjBrNrd44WbQJA95oUz9dr9VPknSX52Bw
eBUJRuZ19EV3qlwaw0zrZcme1oqReyELGj8LRBLXGIbEbKfX9azjnHefWJXQW8qr
N3iWWoKSHe2RMo61FcG0T75AVF+A8SCsnbrWsmR4tDMmV98KNqdEoBZmvqH0wrBH
1A3pfvLYE4b9y6IsuWOjSvncvnxaWjHL+U0Vl7ndvHjWUWx6FTXkNLy6+YtxOu7D
wTfMhCSjaXtGoQS6yXYTJlHO1iFE9E3b/7p7Bn/Wgztba78OUUZQyVf4+jT49YQg
dO3OlSx0piN/VSg3ow6+YBHcN9Hr4abgRjFQD9stw2Ski8AOnGZ6vAn5XYqP9xLG
xbWdGECCFX3WlTrQwW/2yKV4B1QndNeqvnhYFTEKNxePPI4236mTHC49mP64SFVG
qALbGd+izC6KRtK1TG6jmFze8wQ1zyfCg3pWd0wottDwoSDOIkUGLv+6U5Cpqz6O
nve18XRyf0Tm9+hQQ8/X
=3wl0
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: