Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-Id: <20151002171339.1A8176C0006@smtpvmsrv1.mitre.org>
Date: Fri,  2 Oct 2015 13:13:39 -0400 (EDT)
From: cve-assign@...re.org
To: gustavo.grieco@...il.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE request: Heap overflow and DoS with a tga file in gdk-pixbuf < 2.32.1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> We found a heap overflow and a DoS in the gdk-pixbuf implementation
> triggered by the scaling of tga file. These issues are only fixed in the
> recent release of gdk-pixbuf 2.32.1
> 
> it was fixed in 2.32.0 with the 3 commits
> starting with
> https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d

This means:

https://git.gnome.org/browse/gdk-pixbuf/commit/?id=19f9685dbff7d1f929c61cf99188df917a18811d
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=edf6fb8d856574bc3bb3a703037f56533229267c
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=6ddca835100107e6b5841ce9d56074f6d98c387e

Use CVE-2015-7673. Apparently the cause of the issue was use of heap
memory after an allocation failure.

The original CVE request said "< 2.32.1" and "only fixed in ...
2.32.1" but then a followup message said "fixed in 2.32.0" instead. We
think the latter is correct.

The entry in the 2.32.0 changelog is shown in:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=02a76ac6956ee1418da926d6f2cedb78525495b7

Responding to:

> From: Kurt Seifried <kseifried@...hat.com>
> Date: Thu, 1 Oct 2015 08:04:12 -0600
> 
> I know on our end there was some
> confusion as to whether or not this is the same flaw or closely related to
> https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/

CVE-2015-4491 from mfsa2015-88 has different affected versions. Also, that
CVE is only for an integer overflow. If missing allocation-failure checking
before ffec86ed5010c5a2be14f47b33bcf4ed3169a199
is separately exploitable, then another CVE ID could be assigned.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWDro2AAoJEL54rhJi8gl5D54QAK/Vzop01NHL5zZpZlBwzrGZ
8dLEBvFTqXPjItMwhmLGNV/R9M59T3LEtRyENG45lMyDECuKsMVoL696Q87h16+c
Gweir8ZcVC19QxMBpwn4ITiXZ3JRnLgHqEZAp+6eI4zlW4GFkpyXxF3E3YR/U3mv
Bace8L3FoAq9jVqgMsHdVzZWyeUpKL9FZbRDE9wsimOg1mFIrZ/ZLW5qlFDdoxVt
GqbeBpr2F+8678HQh+DIaDfyLmqSj0RCO4qBtOOoQzQ9VU+JL8TvMJE2883rwVq+
+JHf81c8ABZmqYrn/oh8AMr8WggesZRd1Q/0r+Tb7/w1FGv/qPa6JsNglrOxDxT3
AEBfTUrllJpmfrX8VQFTTNecagLwPMC3s1j48lV8ZghOj3/mL4n68Tp5sV6f/b6Z
olX0pqH6E5iSy8BNBtrRF7r0yLfUewqwKlvOhT04zl3M26O2RD5HYWuxSxokXtkn
kUGd/zhryOX5Duz+c7HAG9ZBl26zC9BCyaSbzlo6yj3HPi+AxtQKSLxFl+dQmtIg
sWgQAKn056s6BWtdTbInUIzTV86LQ7Oa00QKobcLrVHwFi2mEZIRjmdDuR3oin7M
DRdB89E4SdLGFe8cIw3oG60noyRObJitB2hjSoxuUdO/ZFAbUTbgfz0b44grS/YD
njkGj067RRjmWP+GKRGp
=cZzu
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.