Summary: | <x11-libs/gdk-pixbuf-2.24.1-r1: integer overflow in xbm loader (CVE-2012-2370)
---|---
Product: | Gentoo Security
Component: | Vulnerabilities
Status: | RESOLVED FIXED
Severity: | normal
Priority: | Normal
Version: | unspecified
Hardware: | All
OS: | Linux
URL: | https://bugzilla.gnome.org/show_bug.cgi?id=672811
Whiteboard: | A3 [glsa]
Reporter: | Alexandre Rostovtsev (RETIRED) <tetromino>
Assignee: | Gentoo Security <security>
CC: | gnome
Runtime testing required: | ---

Description
Alexandre Rostovtsev (RETIRED)
2012-04-14 20:51:57 UTC
Thanks, Alexandre. Arches, please test and mark stable:
=x11-libs/gdk-pixbuf-2.24.1-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sh sparc x86"

amd64 stable

x86 stable

Stable for HPPA.

arm stable

alpha/ia64/sh/sparc stable

ppc was done already, ppc64 done as well now

Thanks, everyone. Added to existing GLSA request.

This issue was resolved and addressed in GLSA 201206-20 at http://security.gentoo.org/glsa/glsa-201206-20.xml by GLSA coordinator Sean Amoss (ackle).

CVE-2012-2370 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-2370): Multiple integer overflows in the read_bitmap_file_data function in io-xbm.c in gdk-pixbuf before 2.26.1 allow remote attackers to cause a denial of service (application crash) via a negative (1) height or (2) width in an XBM file, which triggers a heap-based buffer overflow.
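The class of check the CVE description calls for, as an added example that is not gdk-pixbuf's code or the upstream patch: an XBM header reader that rejects negative or oversized dimensions before any buffer size is computed from them. The function names and the `XBM_MAX_DIM` limit are assumptions made for this sketch.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define XBM_MAX_DIM 32767L /* assumed policy limit, not taken from gdk-pixbuf */

/* Hypothetical helper: find "#define <name><suffix> <number>" in XBM text. */
static int parse_dim(const char *text, const char *suffix, long *out)
{
    char name[128];
    size_t s = strlen(suffix);

    for (const char *p = text; (p = strstr(p, "#define ")) != NULL; p += 8) {
        int off = 0;
        if (sscanf(p, "#define %127s %n", name, &off) != 1 || off == 0)
            continue;
        size_t n = strlen(name);
        if (n < s || strcmp(name + n - s, suffix) != 0)
            continue;
        char *end;
        errno = 0;
        /* strtol reports out-of-range input instead of silently wrapping. */
        *out = strtol(p + off, &end, 10);
        return (end == p + off || errno == ERANGE) ? -1 : 0;
    }
    return -1;
}

/* Returns 0 and the bitmap size in bytes, or -1 if the header is unsafe. */
int xbm_checked_size(const char *text, size_t *size_out)
{
    long w, h;

    if (parse_dim(text, "_width", &w) != 0 ||
        parse_dim(text, "_height", &h) != 0)
        return -1;
    /* Reject negative, zero and oversized values before any arithmetic. */
    if (w <= 0 || h <= 0 || w > XBM_MAX_DIM || h > XBM_MAX_DIM)
        return -1;

    size_t bytes_per_line = ((size_t)w + 7) / 8; /* 8 pixels per byte */
    /* Overflow guard for the multiplication, independent of the limit above. */
    if (bytes_per_line > SIZE_MAX / (size_t)h)
        return -1;
    *size_out = bytes_per_line * (size_t)h;
    return 0;
}
```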