
Bug 574376

Summary: <media-gfx/eom-1.10.5-r2: integer overflow (CVE-2013-7447)
Product: Gentoo Security
Reporter: Kristian Fiskerstrand (RETIRED) <k_f>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: mate, phmagic
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/mate-desktop/eom/issues/93
Whiteboard: B3 [noglsa]
Package list:
Runtime testing required: ---
Bug Depends on: 579644    
Bug Blocks: 574372    

Description Kristian Fiskerstrand (RETIRED) gentoo-dev 2016-02-10 21:44:17 UTC
media-gfx/eom is vulnerable to CVE-2013-7447

See tracking bug for details.

##
kflaptop eom-1.8.0 # grep -r "cairo_pixels" -- *
src/eom-print-preview.c:  guchar *cairo_pixels;
src/eom-print-preview.c:  cairo_pixels = g_malloc (height * cairo_stride);
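
The multiplication flagged by the grep output above, worked through as an added example (not eom's code and not the upstream fix). It assumes both operands are `int`, which the page does not show; the helper names and the dimensions are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Value a 32-bit `height * stride` wraps to. Done in unsigned arithmetic
 * so the demonstration itself avoids undefined signed overflow. */
static uint32_t wrapped_product(int height, int stride)
{
    return (uint32_t)height * (uint32_t)stride;
}

/* Checked size: rejects non-positive inputs and any product that does
 * not fit in size_t (reachable on 32-bit targets). */
static bool pixel_buffer_size(int height, int stride, size_t *out)
{
    if (height <= 0 || stride <= 0)
        return false;
    if ((size_t)height > SIZE_MAX / (size_t)stride)
        return false;
    *out = (size_t)height * (size_t)stride;
    return true;
}

/* Hardened allocation: NULL instead of an undersized buffer. */
static unsigned char *alloc_pixels(int height, int stride)
{
    size_t n;
    if (!pixel_buffer_size(height, stride, &n))
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: 65536 rows, 65536-byte stride. */
    int height = 65536, stride = 65536;
    size_t n = 0;

    printf("32-bit product: %u bytes\n", (unsigned)wrapped_product(height, stride));
    if (pixel_buffer_size(height, stride, &n))
        printf("checked size:   %zu bytes\n", n);
    else
        printf("checked size:   rejected (overflows size_t)\n");

    unsigned char *p = alloc_pixels(480, 2560);
    printf("480 x 2560 allocation %s\n", p ? "succeeded" : "failed");
    free(p);
    return 0;
}
```

In GLib code, `g_malloc_n (n_blocks, n_block_bytes)` performs the same overflow check on the multiplication before allocating.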
Comment 1 Adam Feldman gentoo-dev 2016-05-11 01:16:32 UTC
Fixed in 1.10.5-r2 in 78f56defd00d1056babb584f8fec806b1c60c329.  Not fixing 1.8.x.  Planning on dropping that as soon as 1.10.x is stabilized.  Marking this bug dependent on that stabilization.
Comment 2 Adam Feldman gentoo-dev 2016-08-06 14:38:09 UTC
Vulnerable versions no longer in tree.