oss-sec mailing list archives
Re: CVE Requests for read out of bound in libpng
From: cve-assign () mitre org
Date: Mon, 26 Oct 2015 11:20:57 -0400 (EDT)
There is a memory read out of bounds in libpng 1.2.* and 1.4.*, which is used in many operating systems and applications. It may leak information in the application.
This bug has been accepted and fixed in LIBPNG: http://sourceforge.net/p/libpng/bugs/241/
Function png_convert_to_rfc1123 in png.c:
When ptime->month is 0 (which is obtained from tIME chunk data), the short_months[(ptime->month - 1) % 12] will return the memory before short_months.
We'll take care of the bug by using "ptime->month - 1U" to ensure that the "%" operation returns a value in the range 0..11.
Use CVE-2015-7981.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
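The index arithmetic discussed in this message, as an added C example (not libpng's code and not part of the original post). The table contents, the helper names and the 1..12 range check are assumptions for illustration; it shows that the "- 1U" form keeps the index in 0..11 but maps month 0 to an arbitrary month name.

```c
#include <stdio.h>

/* Constructed table, named after the short_months array in the thread. */
static const char short_months[12][4] = {
    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
};

/* Pre-fix expression: the byte is promoted to int, so month 0 gives
 * (0 - 1) % 12 == -1, an index one element before the table. */
static int month_index_signed(unsigned char month)
{
    return (month - 1) % 12;
}

/* Expression with "- 1U": the subtraction is done in unsigned int, so
 * month 0 wraps to UINT_MAX and the modulo lands in 0..11. */
static unsigned int month_index_unsigned(unsigned char month)
{
    return (month - 1U) % 12;
}

/* Hypothetical stricter check (an assumption, not from the thread):
 * accept only months a tIME chunk can legitimately carry. */
static int month_is_valid(unsigned char month)
{
    return month >= 1 && month <= 12;
}

int main(void)
{
    /* Constructed sample month bytes, as if read from tIME chunk data. */
    const unsigned char samples[] = { 0, 1, 12, 13, 255 };
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        unsigned char m = samples[i];
        int s = month_index_signed(m);
        unsigned int u = month_index_unsigned(m);

        /* The signed index is only printed, never used to read memory. */
        printf("month=%3u signed=%2d (%s) unsigned=%2u -> %s valid=%d\n",
               (unsigned)m, s, (s < 0 || s > 11) ? "out of bounds" : "in bounds",
               u, short_months[u], month_is_valid(m));
    }
    return 0;
}
```

The in-bounds result for month 0 is "Apr", so a caller that needs a correct date string still has to reject the value separately.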