[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 9 Feb 2016 19:20:05 -0800
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com
Subject: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint,
gtk+2.0
Hello MITRE, all,
Virgil Grigoras and Vlad Orlov discovered an integer overflow flaw in
gtk+2.0 in image handling:
https://github.com/mate-desktop/eom/issues/93
Bert Massop discovered the same issue in the gtk+3.0 codebase:
https://bugzilla.gnome.org/show_bug.cgi?id=703220
The fix replaces a direct height * cairo_stride multiplication with a call
to g_malloc_n() which knows how to multiply correctly:
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
- cairo_pixels = g_malloc (height * cairo_stride);
+ cairo_pixels = g_malloc_n (height, cairo_stride);
This same bug appears to be copy-and-pasted to at least:
eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0
https://codesearch.debian.net/results/height%20%5C*%20cairo_stride/page_0
I haven't been able to find CVEs assigned for any of these issues.
Thanks
Related links:
https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811
https://github.com/mate-desktop/eom/issues/93
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
https://bugzilla.gnome.org/show_bug.cgi?id=703220
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
https://codesearch.debian.net/results/height%20%5C*%20cairo_stride/page_0
Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)
Powered by blists - more mailing lists
Please check out the
Open Source Software Security Wiki, which is counterpart to this
mailing list.
Confused about mailing lists and their use?
Read about mailing lists on Wikipedia
and check out these
guidelines on proper formatting of your messages.
