
Bug 611666

Summary: x11-libs/gdk-pixbuf: (CVE-2017-6314) Infinite loop in io-tiff.c with large size
Product: Gentoo Security
Component: Vulnerabilities
Reporter: Ian Zimmerman <nobrowser>
Assignee: Gentoo Security <security>
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
Package list:
Runtime testing required: ---

Description Ian Zimmerman 2017-03-04 01:37:39 UTC
According to the upstream tracker (see ${URL}):

The bug is in the function make_available_at_least (line 499).
See the following lines:

if (need_alloc > context->allocated) {
    guint new_size = 1;
    while (new_size < need_alloc)
        new_size *= 2;

new_size starts with 1 and multiplies until it is larger than or equal to need_alloc. If need_alloc is larger than 2^31, new_size will become 2^31, multiply itself by 2, and become 0. This would lead to an infinite loop.

Reproducible: Always
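
The wrap-around described above, together with an overflow-checked variant, as an added example that is neither gdk-pixbuf's code nor the upstream fix. The function names, the use of uint32_t to model a 32-bit guint, and the 64-iteration cap that makes the hang observable are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>

/* guint is a 32-bit unsigned int on common platforms; uint32_t models it. */

/* The doubling loop from the report, with an iteration cap (added for this
 * demo only) so the non-terminating case can be observed safely.
 * Returns the iteration count, or -1 if the loop would never finish. */
int doubling_iterations(uint32_t need_alloc, uint32_t *out_size)
{
    uint32_t new_size = 1;
    int iters = 0;
    while (new_size < need_alloc) {
        if (iters == 64) {          /* new_size is stuck at 0 */
            *out_size = new_size;
            return -1;
        }
        new_size *= 2;              /* 2^31 * 2 wraps to 0 in 32 bits */
        iters++;
    }
    *out_size = new_size;
    return iters;
}

/* Checked variant: stop before a doubling that would wrap.
 * Returns 1 and sets *out_size on success, 0 when no 32-bit power of
 * two can satisfy need_alloc (the caller should fail the load). */
int checked_grow(uint32_t need_alloc, uint32_t *out_size)
{
    uint32_t new_size = 1;
    while (new_size < need_alloc) {
        if (new_size > UINT32_MAX / 2)
            return 0;
        new_size *= 2;
    }
    *out_size = new_size;
    return 1;
}

int main(void)
{
    uint32_t sz = 0;
    int n = doubling_iterations(0x80000001u, &sz);   /* just above 2^31 */
    printf("original loop: iters=%d new_size=%u\n", n, sz);
    printf("checked_grow:  ok=%d\n", checked_grow(0x80000001u, &sz));
    return 0;
}
```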
Comment 1 Agostino Sarubbo gentoo-dev 2017-03-04 10:59:38 UTC

*** This bug has been marked as a duplicate of bug 611390 ***