oss-sec mailing list archives

Re: CVE request: imlib2 integer overflow

From: cve-assign () mitre org
Date: Sun, 10 Apr 2016 10:21:59 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

https://git.enlightenment.org/legacy/imlib2.git/commit/?id=143f2993d7ccb73b26bb83abac6fa86f443981f9

Make IMAGE_DIMENSIONS_OK() more restrictive
Prevents invalid reads and unreasonably large memory allocations

Invalid read of size 1

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820206
imlib2: potentially exploitable integer overflows

https://bugzilla.redhat.com/show_bug.cgi?id=1324774
imlib2: exploitable integer overflow in _imlib_SaveImage


Use CVE-2014-9771.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXCl65AAoJEL54rhJi8gl5jHAP/18fovC2vayH3h8K29nxAn2c
yA320vfDlnq9l7zdHYT0paBlU8cInmCX1YS0E+1gkaPtwPWfcbKzMtl73MIddWc9
6ADdSyQYs6hRMiPGy8D4VI2o2M3wxCIRRprjZrMx1mOl61qu9DIdmIkdDFTUuvuv
wsir9F6i+ENgfNvW0YHgmFcJrJ1YfOr7tfRKnm1xRi+5PkSukqqrKmc26UX94i7/
o5d227DsX77cUP6seN2XZnvHL1UZhCvLT1O2NS5h6q1z5L/BnFLOwnOz7psaPlv/
nFy7QKp6hWfAzPjaMuS52+DUdl9Py2nE9m/+lMArW5akilLoQ2P1O7BVnBCsiSQy
X2JO8n9iwHe/gF4Md6y7Xty1y1QcOqPzzK4yGosUeOhsL+1rgt6CrqgoniddGkfX
BKlbrhgOsS7apWnT3BHGLDz1HAIh1hr10a8o7dDnicC1iFYJxf3UZmGl9lmR6NPY
AZM5+zi4L1mVmwdQK95dIkKH9gcbt2Q3Lkc4Js4hftmFyU9BgiYO2Z/jrSkfsgiY
K79ysPGxjqav/1anOoJgQc9ygNBKeirDa5dnz8Op6ncvAjxGq8twgZF7vgDQ0NTT
wf5v/KalMsT5hsDmWEUMi8KD/feKuSprMdK9zbCw+bzN6jjYriQzoCHLeoMUbaKI
7e4XGMXRnZFMN08WUd6Z
=AZsh
-----END PGP SIGNATURE-----

Current thread:

CVE request: imlib2 integer overflow Matthias Geerdsen (Apr 09)
- Re: CVE request: imlib2 integer overflow cve-assign (Apr 10)