
Bug 500124

Summary: GLSA 201402-03 : DoS or code execution?
Product: Gentoo Security
Reporter: Agostino Sarubbo <ago>
Component: GLSA Errors
Assignee: Gentoo Security <security>
Status: RESOLVED WORKSFORME    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Agostino Sarubbo gentoo-dev 2014-02-02 18:40:52 UTC
The CVE description says:

  Integer underflow in the pixman_trapezoid_valid macro in pixman.h in Pixman
  before 0.32.0, as used in X.Org server and cairo, allows context-dependent
  attackers to cause a denial of service (crash) via a negative bottom value


I made another search and I have never seen any mention of code execution.
Comment 1 Sergey Popov (RETIRED) gentoo-dev 2014-02-02 18:48:09 UTC
Additional research made by the Red Hat guys says that the possibility of code execution exists [1]; that's why the GLSA mentions it.

[1] - https://rhn.redhat.com/errata/RHSA-2013-1869.html