| Summary: | x11-libs/gdk-pixbuf: (CVE-2017-6314) Infinite loop in io-tiff.c with large size | ||
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Ian Zimmerman <nobrowser> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED DUPLICATE | ||
| Severity: | normal | ||
| Priority: | Normal | ||
| Version: | unspecified | ||
| Hardware: | All | ||
| OS: | Linux | ||
| URL: | https://bugzilla.gnome.org/show_bug.cgi?id=779020 | ||
| Whiteboard: | |||
| Package list: | Runtime testing required: | --- | |
*** This bug has been marked as a duplicate of bug 611390 ***
According to the upstream tracker (see ${URL}):

The bug is in the function make_available_at_least (line 499). See the following lines:

```c
if (need_alloc > context->allocated) {
    guint new_size = 1;
    while (new_size < need_alloc)
        new_size *= 2;
    ...
```

new_size starts with 1 and multiplies until it is larger than or equal to need_alloc. If need_alloc is larger than 2^31, new_size will become 2^31 and multiply itself by 2, and become 0. This would lead to an infinite loop.

Reproducible: Always
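The wraparound described in the report, shown beside a bounded variant, as an added example that is not code from gdk-pixbuf and not the upstream fix. It assumes `guint` is 32 bits (modeled with `uint32_t`); the function names `doubling_wraps_at` and `grow_size_checked` and the sample sizes are hypothetical.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Doubling loop as quoted in the report, with a zero check added so the
 * demonstration terminates. Returns the step at which new_size wrapped
 * to 0, or -1 if the loop finished normally. */
static int doubling_wraps_at(uint32_t need_alloc, uint32_t *out)
{
    uint32_t new_size = 1;
    int step = 0;
    while (new_size < need_alloc) {
        new_size *= 2;           /* unsigned wrap: 2^31 * 2 == 0 */
        step++;
        if (new_size == 0) {     /* 0 * 2 == 0: the quoted loop never exits */
            *out = 0;
            return step;
        }
    }
    *out = new_size;
    return -1;
}

/* Bounded variant (an assumption, not the upstream patch): stop before a
 * doubling that would no longer fit in 32 bits and report failure. */
static bool grow_size_checked(uint32_t need_alloc, uint32_t *out)
{
    uint32_t new_size = 1;
    while (new_size < need_alloc) {
        if (new_size > UINT32_MAX / 2)
            return false;        /* request cannot be met; caller must bail */
        new_size *= 2;
    }
    *out = new_size;
    return true;
}

int main(void)
{
    uint32_t sz = 0;
    uint32_t big = 0x80000001u;  /* constructed value just above 2^31 */
    printf("wraps to 0 at step %d\n", doubling_wraps_at(big, &sz));
    printf("checked, large request ok=%d\n", grow_size_checked(big, &sz));
    bool ok = grow_size_checked(1000, &sz);
    printf("checked, need 1000 ok=%d size=%u\n", ok, (unsigned)sz);
    return 0;
}
```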