oss-sec mailing list archives
Re: CVE request: lcms 1.x buffer overflows
From: "Thijs Kinkhorst" <thijs () debian org>
Date: Wed, 21 Aug 2013 22:52:33 +0200
On Wed, August 21, 2013 22:20, Kurt Seifried wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/05/2013 06:49 AM, Raphael Geissert wrote:On 5 August 2013 07:25, Thijs Kinkhorst <thijs () debian org> wrote:Buffer overflows have been reported in Little CMS 1.x: http://bugs.debian.org/718682Just a quick note: one of the affected parts of the code is a sample and the other is the tiffdiff(1) tool, where the buffer overflow is triggered by the file names passed as arguments. Cheers,can you post the filenames/affected code? thanks.
You can find it in this patch: https://bugzilla.redhat.com/attachment.cgi?id=783274 linked from: https://bugzilla.redhat.com/show_bug.cgi?id=991757 Cheers, Thijs
Current thread:
- CVE request: lcms 1.x buffer overflows Thijs Kinkhorst (Aug 04)
- Re: CVE request: lcms 1.x buffer overflows Raphael Geissert (Aug 05)
- Re: CVE request: lcms 1.x buffer overflows Kurt Seifried (Aug 21)
- Re: CVE request: lcms 1.x buffer overflows Thijs Kinkhorst (Aug 21)
- Re: CVE request: lcms 1.x buffer overflows Kurt Seifried (Aug 21)
- Re: CVE request: lcms 1.x buffer overflows Kurt Seifried (Aug 21)
- Re: CVE request: lcms 1.x buffer overflows Raphael Geissert (Aug 05)