oss-sec mailing list archives
Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation
From: cve-assign () mitre org
Date: Thu, 14 Apr 2016 15:49:11 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
an integer overflow in imlib2, which result in insufficient heap allocation. https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
there are a lot of code that allocates image data with something like malloc(w * h * sizeof(DATA32)); Obviously, on 32-bit machines this results in integer overflow, insufficient heap allocation, with [massive] out-of-bounds heap overwrite.
- #define X_MAX_DIM 46340
+ #define X_MAX_DIM 32767
Use CVE-2016-4024. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXD/NlAAoJEL54rhJi8gl5RfQQAL/khJP7I45NWzsmfikEOqry 5+/yWayIM27k/4YauR/ijslSeQB6yH/qhqha0Xai2mMxJovHGOoY0fdMSyNLCqrG EkuGVhKk3mNo98jNUyUEGFNfYJwg5TuQyzXZi/qSrsaQLZ5IGZO3O9K+Io3xrbqb Qescx6U9+0V8H8UoSNNYmawYwCD/Iw1U05b4e8HI2eWg50NW/75GPO0mCyB+ymyr KCIsF69/iWft+i8JRZ1yvivL3QSb22ltwsxDXsZgtPedxW14MBlzakJ/HZOfkhV/ /efcM/4jWyg48SxvBS+4JsaXuabH5xBrvq7OahABZrIL2EnDthe0MMUvEqgXS4im yiwzyPbZYubo0CBFMLCRrhdOE6MSUPEQnZM58jWfHSTzO9XOTHgFwCafRaocTw63 Q6I7lW15ofV8xncQorRYzFhxxYp2aNFDgfGvYEUUQOUdKDtoDDNKWZIifZd/eZYj +noTSvwIZv5lQUQkJdRQWlFCnkJC+sfkmZYGpbtCQgg0qq1pp5vifTeJ17lAlVQh Cv838A3tnimTqg1HKpATjY+rgm+Pdu14oTypcBHz3a0BEPfFqf6MMrS+oaCEyheX UehdlrK4HVJ9tDsZjQk4To0ouBXtmvkvLMCyY/AF9FR7maQykgtSArbTkHiyF75F aVqw/STiET+EoipSAhhm =3vdb -----END PGP SIGNATURE-----
Current thread:
- CVE Request: imlib2: integer overflow resulting in insufficient heap allocation Salvatore Bonaccorso (Apr 14)
- Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation cve-assign (Apr 14)
- Re: CVE Request: imlib2: integer overflow resulting in insufficient heap allocation Loganaden Velvindron (Apr 19)