oss-sec mailing list archives
Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1
From: Andreas Stieger <astieger () suse com>
Date: Mon, 5 Oct 2015 12:28:06 +0200
Hello, On 10/01/2015 03:03 PM, Gustavo Grieco wrote:
We found a heap overflow in the gdk-pixbuf implementation triggered by the scaling of gif file.These issues are only fixed in the recent release of gdk-pixbuf 2.32.1 but affects older versions (we tested it in a fully updated Ubuntu 14.04). These issues were found using QuickFuzz.
Could you please share you fuzzed sample? Thanks, Andreas -- Andreas Stieger <astieger () suse com> Project Manager Security SUSE Linux GmbH, GF: Felix Imendörffer, Jane Smithard, Graham Norton, HRB 21284 (AG Nürnberg)
Attachment:
signature.asc
Description: OpenPGP digital signature
Current thread:
- CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
- Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)
- Re: Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Yann Droneaud (Oct 05)
- Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 cve-assign (Oct 02)
- Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Andreas Stieger (Oct 05)
- Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 05)
- Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1 Gustavo Grieco (Oct 01)