|
Message-Id: <20150616023245.E6A71B2E469@smtpvbsrv1.mitre.org> Date: Mon, 15 Jun 2015 22:32:45 -0400 (EDT) From: cve-assign@...re.org To: scorneli@...hat.com Cc: cve-assign@...re.org, oss-security@...ts.openwall.com Subject: Re: CVE-2015-0848 - Heap overflow on libwmf0.2-7 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 > There's another issue related to the RLE decoding. DecodeImage() does > not check that the run-length "count" fits into the total size of the > image, which can lead to a heap-based buffer overflow. I've not > assigned a CVE ID to this (mainly because I'm not sure if this > warrants a new CVE or should be bundled with CVE-2015-0848 > We have some possible fixes in our bug [1], but be cautious - these are > not fully vetted yet. > [1] https://bugzilla.redhat.com/show_bug.cgi?id=1227243 Use CVE-2015-4588 for this new issue. (The two issues were disclosed at different times by different persons. CVE-2015-0848 is about a missing bits-per-pixel factor in a calculation. CVE-2015-4588 is about a loop that can proceed past the end of its output array.) - -- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (SunOS) iQEcBAEBAgAGBQJVf4pCAAoJEKllVAevmvmssL4H/A31/XONQy1Fc7/Ko6Nvy09R bBe98kCx4HTZxDONT/WT7QWXFZ1BJH5p9e+MSnTpNUkltaTtCp9PNCRnD21S6YSu MrbopCukDvOtifSfBEi2qWX/U6qB+Rqs1EhexK3TuUVT4L+KqxOzBkcRx+o3zmKQ m3iTWSAq7rVz7HUPI0lnVwpJyDmFrBZZK6KH3M0Cz95EjAeAF1HHEAkVkMn6CO9i 3sAGCSJexFzXp6TSOfwRiHpttUr4+yt6JIF+eCRKY2dPxdt3Q9O0/jFfScQ6CJNm hMHjpNJyt0i/ShLxy05sV8glhy6gk1vpw0QBIAITVXZlR+CAOTa7tZoqWRCaR7I= =bRPB -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.