Summary: | <media-libs/imlib2-1.4.9: integer overflow resulting in insufficient heap allocation (CVE-2016-4024) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | enlightenment+disabled |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227 | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2016-04-15 06:53:38 UTC
there's some other fixes going on in the git repo. probably want to just wait for 1.4.9 to roll all of them up.

1.4.9 is in the tree now. should be fine for stable.

Stable for PPC64.

Stable for HPPA.

amd64 stable

x86 stable

arm stable

Stable on alpha.

ppc stable

sparc stable

ia64 stable. Maintainer(s), please cleanup. Security, please add it to the existing request, or file a new one.

CVE-2016-4024 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-4024): Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

New GLSA request filed.

This issue was resolved and addressed in GLSA 201611-12 at https://security.gentoo.org/glsa/201611-12 by GLSA coordinator Aaron Bauman (b-man).
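The bug class named in the CVE text, as an added illustration (not imlib2's code and not the fix in the linked commit): a width × height × bytes-per-pixel product computed in 32-bit arithmetic wraps for large dimensions, so the allocation is far smaller than the image, and a checked computation rejects such dimensions before allocating. The 4-byte pixel size, the function names and the sample dimensions are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 4u /* assumption: 32-bit ARGB pixels */

/* Size as a 32-bit size_t would compute it: the product is reduced
 * modulo 2^32, which is the wrap the CVE description refers to. */
static uint32_t unchecked_size32(uint32_t w, uint32_t h)
{
    return w * h * BYTES_PER_PIXEL;
}

/* Checked variant: returns 1 and stores the byte count in *out only if
 * w * h * BYTES_PER_PIXEL fits in 32 bits; returns 0 otherwise. */
static int checked_size32(uint32_t w, uint32_t h, uint32_t *out)
{
    if (w == 0 || h == 0)
        return 0;
    if (w > UINT32_MAX / BYTES_PER_PIXEL / h)
        return 0;               /* product would exceed 2^32 - 1 */
    *out = w * h * BYTES_PER_PIXEL;
    return 1;
}

/* Allocate a pixel buffer only when the size computation is exact. */
static uint32_t *alloc_pixels(uint32_t w, uint32_t h)
{
    uint32_t bytes;
    if (!checked_size32(w, h, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed dimensions: the true size is just over 4 GiB. */
    uint32_t w = 0x8000u, h = 0x8001u, n = 0;
    printf("true size      : %llu bytes\n",
           (unsigned long long)w * h * BYTES_PER_PIXEL);
    printf("32-bit product : %u bytes\n", (unsigned)unchecked_size32(w, h));
    printf("checked accepts: %d\n", checked_size32(w, h, &n));
    return 0;
}
```

For the constructed 32768 × 32769 image the wrapped product is 131072 bytes, while the pixel data needs 4295098368 bytes; any loader that trusts the wrapped value writes past the end of the heap buffer.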