oss-sec mailing list archives

Re: CVE request: lcms 1.x buffer overflows


From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 21 Aug 2013 14:20:52 -0600


On 08/05/2013 06:49 AM, Raphael Geissert wrote:
> On 5 August 2013 07:25, Thijs Kinkhorst <thijs () debian org> wrote:
>> Buffer overflows have been reported in Little CMS 1.x:
>> http://bugs.debian.org/718682
>
> Just a quick note: one of the affected parts of the code is a
> sample and the other is the tiffdiff(1) tool, where the buffer
> overflow is triggered by the file names passed as arguments.
>
> Cheers,

can you post the filenames/affected code? thanks.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993