Message-ID: <CACn5sdQLTqa8MLRsaaReoPMBO5D6YJpSEiUQbrHPrny496rbOg@mail.gmail.com>
Date: Wed, 26 Oct 2016 19:00:23 -0300
From: Gustavo Grieco <gustavo.grieco@...il.com>
To: oss-security@...ts.openwall.com
Subject: Re: Re: librsvg and cairo are causing libpng to write out-of-bounds

A patch was recently proposed:

https://bugs.freedesktop.org/attachment.cgi?id=127421

thanks to John Bowler and his detailed analysis of this issue:

https://bugs.freedesktop.org/show_bug.cgi?id=98165

Can we have a CVE, now that we know it was an integer overflow and we have a patch?

Regards,
Gustavo.

2016-10-06 21:02 GMT-03:00 John Bowler <john.cunningham.bowler@...il.com>:
> The bug is not specific to librsvg. This instance happens in
> write_png inside cairo-png.c, but the actual bug is elsewhere. Other
> exploits probably exist using things other than PNG and SVG. I think
> this needs to be CVE'ed immediately.
>
> --
> John Bowler <john.cunningham.bowler@...il.com>
> +1 (541) 450-9885
> PO BOX 3151
> KERBY OR 97531-3151
> USA
>