Summary: | <media-gfx/potrace-1.14: invalid memory read and memory allocation failure (CVE-2016-8685) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | fonts, graphics+disabled, hendrik |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B3 [noglsa cve] | ||
Package list: | =media-gfx/potrace-1.14 | ||
Runtime testing required: | --- |
Bug Depends on: | 626820 | ||
Bug Blocks: |
Description
Agostino Sarubbo
2017-02-20 08:10:19 UTC
CVE-2016-8685 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-8685): The findnext function in decompose.c in potrace 1.13 allows remote attackers to cause a denial of service (invalid memory access and crash) via a crafted BMP image.

@ Maintainer(s): Can we already start stabilization of =media-gfx/potrace-1.14?

Maintainer(s), please advise if you are ready for stabilization or call for stabilization yourself. If nothing in a week will call for stabilization on May 7th.

Time out on maintainers! Arches, please test and mark stable:
=media-gfx/potrace-1.14
Target Keywords : "alpha amd64 arm hppa ia64 ppc ppc64 sparc x86"
Thank you!

amd64 stable

x86 stable

Stable on alpha.

arm stable

sparc stable

ia64 stable

ppc64 stable

ppc stable

Arches, please finish stabilizing hppa
Gentoo Security Padawan
ChrisADR

hppa stable

Stabilization is complete, thank you arches.
@Maintainer(s): Please clean the vulnerable version from the tree.
@Security: Please vote on whether a glsa is needed or not.
Gentoo Security Padawan
Kivak

GLSA Vote: No

Cleanup tracked in bug #626820