oss-sec mailing list archives

Re: CVE Request: gd buffer read overflow in gd_gif_in.c

From: cve-assign () mitre org
Date: Mon, 23 Mar 2015 14:20:02 -0400 (EDT)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

gd: buffer read overflow in gd_gif_in.c
https://bitbucket.org/libgd/gd-libgd/commits/47eb44b2e90ca88a08dca9f9a1aa9041e9587f43
https://bugs.php.net/bug.php?id=68601
https://bugzilla.redhat.com/show_bug.cgi?id=1188639

AddressSanitizer: stack-buffer-overflow on address
READ of size 1


Use CVE-2014-9709. Presumably the relevant attack scenarios involve
long-running processes that accept GIF files from untrusted sources
and call gdImageCreateFromGif on them, and then potentially crash
after the buffer over-read.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJVEFjPAAoJEKllVAevmvmsaUgH/3vLIjJLwpKSH62aG0iLLauj
beYgnlezQIo1ylSF0XYE9x9sbK706WQZ8clXfBwLNuRCdPPnrwqx0Tyk8YCVi/rv
HBiOpfE5GNADjgaYbhocHHjYWe40KWe8zRLH1apHj4U59ptvnwIteoYHyrLwUlV8
3w+w6f00lOo5Mgfo3qxdvFqDDmd3acYZSjRKWZ284UpyQlcAXQuPydkCK7F05zKy
8t2x4okwS3SYzeV5lCzW8VjqzBLu+0Gu76INuA1HgGZwriYpwCsomdYEbvDVTSn5
Frd6/1lZjZoTDqykrRRWYxZ3HrMAikWrlaqDuUCBpJ0zNHM8Sv1+qAsWbnJCwMo=
=9B62
-----END PGP SIGNATURE-----

Current thread:

CVE Request: gd buffer read overflow in gd_gif_in.c Francisco Alonso (Mar 23)
- Re: CVE Request: gd buffer read overflow in gd_gif_in.c Moritz Muehlenhoff (Mar 23)
- Re: CVE Request: gd buffer read overflow in gd_gif_in.c cve-assign (Mar 23)