Gentoo Bug 260265 - <media-gfx/optipng-0.6.2-r1 GIF memory reallocation (CVE-2009-0749)

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bug#:	260265
Alias:
Product:
Component:
Status:	RESOLVED
Resolution:	FIXED
Assigned To:	Gentoo Security <security@gentoo.org>

Hardware:
OS:
Version:
Priority:
Severity:

Reporter:	Robert Buchholz <rbu@gentoo.org>
Add CC:
CC:	Remove selected CCs

URL:
Summary:
Status Whiteboard:
Keywords:

Flags:			Requestee:
	Pending
	Approved
	Assigned_To		()

Filename	Description	Type	Creator	Created	Size	Actions
Create a New Attachment (proposed patch, testcase, etc.)						View All

Bug 260265 depends on:			Show dependency tree
Bug 260265 blocks:			Show dependency tree

Additional Comments: (this is where you put emerge --info)

Add to CC list

Not eligible to see or edit group visibility for this bug.

Leave as RESOLVED FIXED
Reopen bug
Mark bug as VERIFIED
Mark bug as CLOSED

View Bug Activity | Format For Printing | XML | Clone This Bug

Description:

Opened: 2009-02-25 16:22 0000

Quoting http://optipng.sourceforge.net/:
All current OptiPNG versions are known to be vulnerable to memory reallocation
attacks, due to a bug in the GIF image reader. (Many thanks to Roy Tam for the
report, as well as the fix.) 

patch:
http://213.203.218.125/o/op/optipng/optipng-0.6.2.1.diff

------- Comment #1 From Tristan Heaven 2009-02-25 17:31:26 0000 -------

Patched in 0.6.2-r1

------- Comment #2 From Robert Buchholz 2009-02-25 17:37:12 0000 -------

Arches, please test and mark stable:
=media-gfx/optipng-0.6.2-r1
Target keywords : "alpha amd64 ppc x86"

------- Comment #3 From Markus Meier 2009-02-25 20:11:02 0000 -------

amd64/x86 stable

------- Comment #4 From Robert Buchholz 2009-03-03 13:07:50 0000 -------

CVE-2009-0749 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-0749):
  Use-after-free vulnerability in the GIFReadNextExtension function in
  lib/pngxtern/gif/gifread.c in OptiPNG 0.6.2 and earlier allows
  context-dependent attackers to cause a denial of service (application
  crash) via a crafted GIF image that causes the realloc function to
  return a new pointer, which triggers memory corruption when the old
  pointer is accessed.

------- Comment #5 From Tobias Scherbaum 2009-03-04 20:23:11 0000 -------

ppc stable

------- Comment #6 From Raúl Porcel 2009-03-06 16:27:27 0000 -------

alpha stable

------- Comment #7 From Robert Buchholz 2009-03-09 13:07:14 0000 -------

GLSA 200903-12

Bug List: (This bug is not in your last search results) Show last search results Search page Enter new bug

Bugzilla Bug 260265

<media-gfx/optipng-0.6.2-r1 GIF memory reallocation (CVE-2009-0749)

Last modified: 2009-03-09 13:07:14 0000