| Summary: | <x11-libs/pixman-0.32.4 : integer underflow when handling trapezoids (CVE-2013-6425) | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | ||
| Severity: | major | CC: | x11 |
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.redhat.com/show_bug.cgi?id=1037975 | ||
| Whiteboard: | A2 [glsa] | ||
| Package list: | Runtime testing required: | --- | |
Arches, please test and mark stable: =x11-libs/pixman-0.32.4 Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86" Stable for HPPA. amd64 stable x86 stable ppc stable ppc64 stable arm stable alpha stable sparc stable ia64 stable. glsa request filed. Maintainer(s), please cleanup. Old versions dropped. CVE-2013-6425 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-6425): Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman before 0.32.0, as used in X.Org server and cairo, allows context-dependent attackers to cause a denial of service (crash) via a negative bottom value. This issue was resolved and addressed in GLSA 201402-03 at http://security.gentoo.org/glsa/glsa-201402-03.xml by GLSA coordinator Mikle Kolyada (Zlogene). |
From ${URL} : An integer underflow flaw was found in pixman when handling trapezoids. If an application used pixman opened a crafted document, it could cause the application to crash. References: http://seclists.org/oss-sec/2013/q4/399 https://bugs.freedesktop.org/show_bug.cgi?id=67484 https://bugs.freedesktop.org/attachment.cgi?id=87925 @maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.