| Summary: | <media-gfx/optipng-0.7.6: invalid write / buffer overflow (CVE-2016-{2191,3981,3982}) | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | normal | CC: | sping, tristan |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.openwall.com/lists/oss-security/2016/04/04/2 | | |
| Whiteboard: | B2 [glsa cve] | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | | | |
| Bug Blocks: | 561882 | | |

Description
Hanno Böck
2016-04-04 16:49:12 UTC

(In reply to Hanno Boeck from comment #0)
> Anyway, please bump to 0.7.6.

Bumped.
https://github.com/gentoo/gentoo/commit/db5868a52221a1dfda5156f7f3ea4fd823a1ee9d

Can we start stabilizing?

No objections from my side.

Stable for PPC64.

amd64 stable

x86 stable

CVE-2016-2191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2191): The bmp_read_rows function in pngxtern/pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (invalid memory write and crash) via a series of delta escapes in a crafted BMP image.

Added to existing GLSA request.

@ppc, ping.

CVE-2016-3982 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3982): Off-by-one error in the bmp_rle4_fread function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file, which triggers a heap-based buffer overflow.

CVE-2016-3981 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-3981): Heap-based buffer overflow in the bmp_read_rows function in pngxrbmp.c in OptiPNG before 0.7.6 allows remote attackers to cause a denial of service (out-of-bounds read or write access and crash) or possibly execute arbitrary code via a crafted image file.

ppc stable.

Maintainer(s), please cleanup.

(In reply to Agostino Sarubbo from comment #10)
> Maintainer(s), please cleanup.

Done
https://github.com/gentoo/gentoo/commit/4d09b54143ce2beaa1bf7cb65f700fd2e16db6c9

This issue was resolved and addressed in GLSA 201608-01 at https://security.gentoo.org/glsa/201608-01 by GLSA coordinator Yury German (BlueKnight).