oss-sec mailing list archives

Re: CVE request: GIF loader buffer overflow when initializing decompression tables

From: Tomas Hoger <thoger () redhat com>
Date: Fri, 19 Aug 2011 10:25:34 +0200

On Tue, 2 Aug 2011 17:34:28 +0200 Thomas Biege wrote:

The same flaw was previously reported for several other components
that include GIF reading code based on David Koblas' parser, such as:
gd (CVE-2006-4484), SDL_image (CVE-2007-6697), tk (CVE-2008-0553),
netbpm (CVE-2008-0554), cups (CVE-2008-1373).


The similar was spotted in XPCE when reviewing upstream
fix for CVE-2011-2896:

http://www.swi-prolog.org/bugzilla/show_bug.cgi?id=7#c2

-- 
Tomas Hoger / Red Hat Security Response Team

Current thread:

CVE request: GIF loader buffer overflow when initializing decompression tables Thomas Biege (Aug 02)
- Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger (Aug 03)
- Re: CVE request: GIF loader buffer overflow when initializing decompression tables Tomas Hoger (Aug 19)