oss-sec mailing list archives
Re: CVE Request: gd buffer read overflow in gd_gif_in.c
From: cve-assign () mitre org
Date: Mon, 23 Mar 2015 14:20:02 -0400 (EDT)
gd: buffer read overflow in gd_gif_in.c
https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
https://bugs.php.net/bug.php?id=68601
https://bugzilla.redhat.com/show_bug.cgi?id=1188639
AddressSanitizer: stack-buffer-overflow on address READ of size 1
Use CVE-2014-9709. Presumably the relevant attack scenarios involve long-running processes that accept GIF files from untrusted sources and call gdImageCreateFromGif on them, and then potentially crash after the buffer over-read.

--
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- CVE Request: gd buffer read overflow in gd_gif_in.c Francisco Alonso (Mar 23)
- Re: CVE Request: gd buffer read overflow in gd_gif_in.c Moritz Muehlenhoff (Mar 23)
- Re: CVE Request: gd buffer read overflow in gd_gif_in.c cve-assign (Mar 23)