| Field | Value |
|---|---|
| Summary | x11-misc/xnc bundles a copy of libSDL, libSDL_image, vulnerable to CVE-2007-6697 |
| Product | Gentoo Security |
| Reporter | Diego Elio Pettenò (RETIRED) <flameeyes> |
| Component | Vulnerabilities |
| Assignee | Gentoo Security <security> |
| Status | RESOLVED FIXED |
| Severity | normal |
| CC | esigra |
| Priority | High |
| Version | unspecified |
| Hardware | All |
| OS | Linux |
| Whiteboard | B2 [noglsa] |
| Package list | |
| Runtime testing required | --- |
| Bug Depends on | 276240 |
| Bug Blocks | 251464 |
Description

Diego Elio Pettenò (RETIRED), 2008-12-25 20:26:24 UTC

```
Symbol SDL_WriteBE64@@ (32-bit UNIX System V ABI Intel 80386) present 7 times
  /usr/bin/xncsetup
  /usr/bin/ives
  /usr/bin/xncloader
  /usr/bin/xnlaunch
  libSDL
  /usr/bin/xnc
  /usr/bin/xjpegroot
```

I could not find the SDL functionality exposed in xnc directly. It seems only x(nc)setup and xjpegroot expose the SDL functionality. I could reproduce the issue in jpegroot:

```
$ gdb /usr/bin/xjpegroot
GNU gdb 6.8
Copyright (C) 2008 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-pc-linux-gnu"...
(gdb) run -c CVE-2007-6697.gif
Starting program: /usr/bin/xjpegroot -c CVE-2007-6697.gif
XJPEGroot Version 1.1.6
**********Image Engine**********
*                              *
*Visual: TrueColor             *
*Depth: 24 (4 bytes/pixel)     *
*RGB: 8:8:8                    *
*Colors: 16777216              *
*Images: GIF,JPEG,PCX          *
*                              *
******** (c) Leo 96-98 *********
Loading image [CVE-2007-6697.gif].....

Program received signal SIGSEGV, Segmentation fault.
LWZReadByte (src=0x24812d0, flag=<value optimized out>, input_code_size=<value optimized out>) at sdl_image/IMG_gif.c:425
425         table[1][i] = i;
Current language:  auto; currently c
(gdb) bt
#0  LWZReadByte (src=0x24812d0, flag=<value optimized out>, input_code_size=<value optimized out>) at sdl_image/IMG_gif.c:425
#1  0x000000000040c42a in ReadImage (src=0x24812d0, len=10, height=10, cmapSize=256, cmap=0x62ad28, gray=<value optimized out>, interlace=0, ignore=0) at sdl_image/IMG_gif.c:523
#2  0x000000000040c9e2 in IMG_LoadGIF_RW (src=0x24812d0) at sdl_image/IMG_gif.c:249
#3  0x000000000040b5cc in im_load_image_through_loader (fname=<value optimized out>, to_pic=0x614400, from_mem_size=<value optimized out>, img_loader=0x40c680 <IMG_LoadGIF_RW>) at sdl_image/SDL_to_picinfo.c:137
#4  0x0000000000407b39 in LoadXImage (file=0x7fff9fa9ee55 "CVE-2007-6697.gif", cmptype=<value optimized out>, type=<value optimized out>) at image.cxx:580
#5  0x0000000000405b32 in SetRootWindow (tline=0x7fff9fa9ee55 "CVE-2007-6697.gif", opt=<value optimized out>) at xjpegroot.cxx:77
#6  0x0000000000405d84 in main (argc=3, argv=0x7fff9fa9e618) at xjpegroot.cxx:50
```

Oh, I missed ives. It exposes the functions as well.

Removed from tree by maintainers.

GLSA time first, Samuli.

Removed from tree long time ago, no GLSA
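The crash above happens while LWZReadByte initialises its decode table, which is sized from MAX_LWZ_BITS, using a code size taken straight from the GIF image descriptor. The following is an added example, not code from xnc or SDL_image: a small validator that walks a GIF buffer and rejects any image descriptor whose LZW minimum code size byte exceeds that bound. It assumes MAX_LWZ_BITS is 12 (the value used by the IMG_gif.c decoder, not stated on this page) and the standard GIF89a block layout; the two sample files are constructed here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed decoder bound: IMG_gif.c keeps table[2][1 << MAX_LWZ_BITS].
 * The GIF spec itself only allows 2..8, so 12 is the permissive limit. */
#define MAX_LWZ_BITS 12

/* Check the LZW minimum code size byte of every image descriptor.
 * Returns 1 if all are <= MAX_LWZ_BITS, 0 if one is larger,
 * -1 if the stream is truncated or malformed. */
int gif_lzw_code_sizes_ok(const uint8_t *buf, size_t len)
{
    size_t pos = 13;   /* 6-byte header + 7-byte logical screen descriptor */
    if (len < pos || buf[0] != 'G' || buf[1] != 'I' || buf[2] != 'F') return -1;
    if (buf[10] & 0x80) pos += (size_t)3 << ((buf[10] & 0x07) + 1); /* global color table */
    while (pos < len) {
        uint8_t b = buf[pos++];
        if (b == 0x3B) return 1;                      /* trailer: all descriptors passed */
        if (b == 0x21) {                              /* extension: skip its label byte */
            if (pos >= len) return -1;
            pos++;
        } else if (b == 0x2C) {                       /* image descriptor: 9 bytes */
            if (pos + 9 > len) return -1;
            uint8_t flags = buf[pos + 8];
            pos += 9;
            if (flags & 0x80) pos += (size_t)3 << ((flags & 0x07) + 1); /* local color table */
            if (pos >= len) return -1;
            if (buf[pos++] > MAX_LWZ_BITS) return 0;  /* the bound the decoder lacked */
        } else {
            return -1;                                /* unknown block introducer */
        }
        for (;;) {                                    /* data sub-blocks up to a 0 terminator */
            if (pos >= len) return -1;
            uint8_t n = buf[pos++];
            if (n == 0) break;
            pos += n;
        }
    }
    return -1;                                        /* ran out of data before the trailer */
}

/* Constructed 1x1 GIF with a valid minimum code size of 2. */
const uint8_t good_gif[] = { 'G','I','F','8','9','a', 1,0, 1,0, 0, 0, 0,
    0x2C, 0,0, 0,0, 1,0, 1,0, 0, 0x02, 0x02,0x44,0x01, 0x00, 0x3B };
/* Constructed copy whose code size byte is 13, past the decoder's table. */
const uint8_t bad_gif[]  = { 'G','I','F','8','9','a', 1,0, 1,0, 0, 0, 0,
    0x2C, 0,0, 0,0, 1,0, 1,0, 0, 0x0D, 0x02,0x44,0x01, 0x00, 0x3B };

int main(void)
{
    printf("good=%d bad=%d truncated=%d\n",
           gif_lzw_code_sizes_ok(good_gif, sizeof good_gif),
           gif_lzw_code_sizes_ok(bad_gif, sizeof bad_gif),
           gif_lzw_code_sizes_ok(good_gif, 20));
    return 0;
}
```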