Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 200350 (CVE-2007-5503) - x11-libs/cairo <1.4.12 Buffer overflow in read_png() (CVE-2007-5503)
Summary: x11-libs/cairo <1.4.12 Buffer overflow in read_png() (CVE-2007-5503)
Status: RESOLVED FIXED
Alias: CVE-2007-5503
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
URL: https://rhn.redhat.com/errata/RHSA-20...
Whiteboard: B2 [glsa]
Keywords:
: 201298 (view as bug list)
Depends on:
Blocks:
 
Reported: 2007-11-26 00:36 UTC by Robert Buchholz (RETIRED)
Modified: 2020-04-04 08:30 UTC (History)
4 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-26 00:36:39 UTC 
There's several possible integer overflows in the PNG handling code in Cairo, at least one of which can be caused by user controlled values when opening large images, possibly leading to a buffer overflow.

Upstream fixes are here:
http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
http://gitweb.freedesktop.org/?p=cairo;a=commitdiff;h=e49bcde27f88e21d5b8037a0089a226096f6514b

According to upstream, a 1.4.12 release is pending.
Please commit a patched bump to 1.4.10, or 1.4.12 as soon as it's out.
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2007-11-29 19:39:29 UTC 
Ebuild is in the tree
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-11-29 20:21:35 UTC 
Public per $URL.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-11-29 20:26:49 UTC 
Arches, please test and mark stable x11-libs/cairo-1.4.12.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"

I assume 1.5.2 is also affected? If so, there hopefully is a ported fix the development branch.
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2007-11-30 13:07:24 UTC 
x86 stable
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2007-11-30 13:32:39 UTC 
ppc64 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2007-11-30 14:09:59 UTC 
Stable for HPPA.
Comment 7 Steve Dibb (RETIRED) gentoo-dev 2007-11-30 20:29:06 UTC 
amd64 stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2007-11-30 22:40:40 UTC 
ppc stable
Comment 9 Ewgenij Starostin 2007-12-01 01:55:18 UTC 
(In reply to comment #3)
> I assume 1.5.2 is also affected? If so, there hopefully is a ported fix the
> development branch.
The fixes from the two diffs are already in 1.5.2, except those relating to pixman.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2007-12-04 12:28:31 UTC 
alpha/ia64/sparc stable
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 23:42:36 UTC 
*** Bug 201298 has been marked as a duplicate of this bug. ***
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 23:44:22 UTC 
glsa request filed
Comment 13 Robert Buchholz (RETIRED) gentoo-dev 2007-12-05 01:23:42 UTC 
true, for the 1.5 master the changes were introduced long time ago:
http://gitweb.freedesktop.org/?p=cairo;a=commit;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-09 21:04:03 UTC 
GLSA 200712-04
Comment 15 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:51:57 UTC 
Does not affect current (2008.0) release. Removing release.