'[oss-security] CVE request: XEmacs Multiple Integer Overflows'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       oss-security
Subject:    [oss-security] CVE request: XEmacs Multiple Integer Overflows
From:       Alex Legler <a3li () gentoo ! org>
Date:       2009-07-16 7:25:41
Message-ID: 1247729141.4227.6.camel () localhost
[Download RAW message or body]

Hi,

I don't think we have a CVE for this/these issue(s) yet, so please
assign one/some:

The {tiff,png,jpeg}_instantiate() functions in glyphs-eimage.c contain
an integer overflow, possibly leading to a heap-based buffer overflow.

References:
Filed upstream as: http://tracker.xemacs.org/XEmacs/its/issue534

http://secunia.com/advisories/35348
http://www.vupen.com/english/advisories/2009/1666
https://bugs.gentoo.org/show_bug.cgi?id=275397
https://bugzilla.redhat.com/show_bug.cgi?id=511994

Thanks,
Alex

["signature.asc" (application/pgp-signature)]

[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic