
List:       oss-security
Subject:    [oss-security] Re: librsvg and cairo are causing libpng to write out-of-bounds
From:       cve-assign () mitre ! org
Date:       2016-10-27 6:44:53
Message-ID: 20161027064453.D3E771BE040 () smtpvbsrv1 ! mitre ! org


> A patch was recently proposed:
> 
> https://bugs.freedesktop.org/attachment.cgi?id=127421
> 
> thanks to John Bowler and his detailed analysis of this issue:
> 
> https://bugs.freedesktop.org/show_bug.cgi?id=98165
> 
> Can we have a CVE, now that we know it was an integer overflow and we have
> a patch?

Yes, use CVE-2016-9082 for everything fixed by
attachment.cgi?id=127421. Our understanding is that cairo is the
primary affected product.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]