Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Message-ID: <20160210032005.GC26858@hunt>
Date: Tue, 9 Feb 2016 19:20:05 -0800
From: Seth Arnold <seth.arnold@...onical.com>
To: oss-security@...ts.openwall.com
Cc: security@...ntu.com
Subject: CVE Request: eom, gnome-photos, eog, gambas3, thunar, pinpoint,
 gtk+2.0

Hello MITRE, all,

Virgil Grigoras and Vlad Orlov discovered an integer overflow flaw in
gtk+2.0 in image handling:

https://github.com/mate-desktop/eom/issues/93

Bert Massop discovered the same issue in the gtk+3.0 codebase:

https://bugzilla.gnome.org/show_bug.cgi?id=703220

The fix replaces a direct height * cairo_stride multiplication with a call
to g_malloc_n() which knows how to multiply correctly:

https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6

-  cairo_pixels = g_malloc (height * cairo_stride);
+  cairo_pixels = g_malloc_n (height, cairo_stride);

This same bug appears to be copy-and-pasted to at least:
eom, gnome-photos, eog, gambas3, thunar, pinpoint, gtk+2.0

https://codesearch.debian.net/results/height%20%5C*%20cairo_stride/page_0

I haven't been able to find CVEs assigned for any of these issues.

Thanks

Related links:

https://bugs.launchpad.net/ubuntu/+source/gtk+2.0/+bug/1540811
https://github.com/mate-desktop/eom/issues/93
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799275
https://bugzilla.gnome.org/show_bug.cgi?id=703220
https://git.gnome.org/browse/gtk+/commit?id=894b1ae76a32720f4bb3d39cf460402e3ce331d6
https://codesearch.debian.net/results/height%20%5C*%20cairo_stride/page_0

Download attachment "signature.asc" of type "application/pgp-signature" (474 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.