oss-sec mailing list archives

Re: Re: CVE request: Heap overflow with a gif file in gdk-pixbuf < 2.32.1


From: Yann Droneaud <ydroneaud () opteya com>
Date: Mon, 05 Oct 2015 14:25:35 +0200

Hi,


On Thursday, 1 October 2015 at 12:25 -0300, Gustavo Grieco wrote:
> 2015-10-01 10:03 GMT-03:00 Gustavo Grieco <gustavo.grieco () gmail com>:
>
> > We found a heap overflow in the gdk-pixbuf implementation triggered
> > by the scaling of a gif file. These issues are only fixed in the
> > recent release of gdk-pixbuf 2.32.1 but affect older versions (we
> > tested it in a fully updated Ubuntu 14.04).
>
> If someone needs more details, it was fixed in 2.32.1 with this
> commit:
> https://git.gnome.org/browse/gdk-pixbuf/commit/?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa



The patch fixes pixops_scale_nearest() but AFAICT I think the same
should be applied to other functions as they use the same construct:

- pixops_composite_nearest()

https://git.gnome.org/browse/gdk-pixbuf/tree/gdk-pixbuf/pixops/pixops.c?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa#n339

- pixops_composite_color_nearest()

https://git.gnome.org/browse/gdk-pixbuf/tree/gdk-pixbuf/pixops/pixops.c?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa#n504

- pixops_process()

https://git.gnome.org/browse/gdk-pixbuf/tree/gdk-pixbuf/pixops/pixops.c?id=e9a5704edaa9aee9498f1fbf6e1b70fcce2e55aa#n1316

Regards.

-- 
Yann Droneaud
OPTEYA


