oss-sec mailing list archives
Re: CVE request: XEmacs Multiple Integer Overflows
From: Vincent Danen <vdanen () redhat com>
Date: Wed, 5 Aug 2009 08:30:54 -0600
* [2009-08-05 13:53:50 +0200] Thomas Biege wrote:
Hello, was a CVE-ID allocated for this issue in the meanwhile?
I don't believe so. We've not seen one, at any rate.
On Thu, Jul 16, 2009 at 09:25:41AM +0200, Alex Legler wrote:Hi, I don't think we have a CVE for this/these issue(s) yet, so please assign one/some: The {tiff,png,jpeg}_instantiate() functions in glyphs-eimage.c contain an integer overflow, possibly leading to a heap-based buffer overflow. References: Filed upstream as: http://tracker.xemacs.org/XEmacs/its/issue534 http://secunia.com/advisories/35348 http://www.vupen.com/english/advisories/2009/1666 https://bugs.gentoo.org/show_bug.cgi?id=275397 https://bugzilla.redhat.com/show_bug.cgi?id=511994
--Vincent Danen / Red Hat Security Response Team
Current thread:
- CVE request: XEmacs Multiple Integer Overflows Alex Legler (Jul 16)
- Re: CVE request: XEmacs Multiple Integer Overflows Thomas Biege (Aug 05)
- Re: CVE request: XEmacs Multiple Integer Overflows Vincent Danen (Aug 05)
- Re: CVE request: XEmacs Multiple Integer Overflows Steven M. Christey (Aug 05)
- Re: CVE request: XEmacs Multiple Integer Overflows Vincent Danen (Aug 05)
- Re: CVE request: XEmacs Multiple Integer Overflows Thomas Biege (Aug 05)