Summary: | <media-libs/libfpx-1.3.1_p6: "Free_All_Memory()" Double-Free Vulnerability (CVE-2012-0025) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | graphics+disabled, jer |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://secunia.com/advisories/47246/ | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | | Runtime testing required: | --- |
Description
Agostino Sarubbo
2011-12-20 14:49:59 UTC
CVE-2012-0025 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-0025): Double free vulnerability in the Free_All_Memory function in jpeg/dectile.c in libfpx before 1.3.1-1, as used in the FlashPix PlugIn 4.2.2.0 for IrfanView, allows remote attackers to cause a denial of service (crash) via a crafted FPX image.

    # Aaron Bauman <bman@gentoo.org> (20 Feb 2016)
    # No maintainer and unmitigated vulnerabilities.
    # Masked for removal in 30 days. Bug 395367
    media-libs/libfpx

Nothing depends on this package:

* These packages depend on media-libs/libfpx:

I apologize for the confusion. Missed a switch on my run of equery.

Maintainer/project please bump package.

Arch teams, please test and mark stable:
=media-libs/libfpx-1.3.1_p6
Targeted stable KEYWORDS : alpha amd64 arm hppa ia64 ppc ppc64 sparc x86

Stable for HPPA PPC64.

amd64 stable

arm stable

Stable on alpha.

x86 stable

ppc stable

sparc stable

ia64 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

cleaned up old version.
https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=6a3dc810b1af2ad2d2e1888c414ebd72723f0cff

GLSA request opened. Thanks arches and maintainer for the effort.

This issue was resolved and addressed in GLSA 201605-03 at https://security.gentoo.org/glsa/201605-03 by GLSA coordinator Yury German (BlueKnight).