Summary: | <media-gfx/imageworsener-1.3.1: Multiple vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | normal | CC: | sping |
Priority: | Normal | Flags: | stable-bot: sanity-check+ |
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | B2 [glsa cve] | ||
Package list: | =media-gfx/imageworsener-1.3.1 | ||
Runtime testing required: | --- |
Description
Agostino Sarubbo

commit a06a45ea37e5dcbb74c60ec9802283eb1d3cb502
Author: Sebastian Pipping <sping@g.o>
Date: Tue May 9 21:08:19 2017 +0200

media-gfx/imageworsener: 1.3.1 (bug #618014)

Package-Manager: Portage-2.3.5, Repoman-2.3.2

media-gfx/imageworsener/Manifest | 1 +
media-gfx/imageworsener/imageworsener-1.3.1.ebuild | 49 ++++++++++++++++++++++
2 files changed, 50 insertions(+)

https://github.com/gentoo/gentoo/commit/a06a45ea37e5dcbb74c60ec9802283eb1d3cb502

ready to stabilize?

No objections from me. Would be: amd64 x86

amd64 stable

x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.

(In reply to Agostino Sarubbo from comment #5)
> Maintainer(s), please cleanup.

commit ab803ddde388207bbe924872be5bb68b02f52ce1
Author: Sebastian Pipping <sping@g.o>
Date: Tue May 16 19:52:08 2017 +0200

media-gfx/imageworsener: Remove vulnerable (bug #618014)

Package-Manager: Portage-2.3.5, Repoman-2.3.2

media-gfx/imageworsener/Manifest | 4 --
media-gfx/imageworsener/imageworsener-0.9.2.ebuild | 37 ----------------
media-gfx/imageworsener/imageworsener-1.0.0.ebuild | 49 ----------------------
media-gfx/imageworsener/imageworsener-1.2.0.ebuild | 49 ----------------------
media-gfx/imageworsener/imageworsener-1.3.0.ebuild | 49 ----------------------
5 files changed, 188 deletions(-)

https://github.com/gentoo/gentoo/commit/ab803ddde388207bbe924872be5bb68b02f52ce1

CVE ID: CVE-2017-8325
Summary: The iw_process_cols_to_intermediate function in imagew-main.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted image.
Published: 2017-04-29T20:59:00.000Z
--------------------------------------------------------------------------------
CVE ID: CVE-2017-8326
Summary: libimageworsener.a in ImageWorsener before 1.3.1 has "left shift cannot be represented in type int" undefined behavior issues, which might allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted image, related to imagew-bmp.c and imagew-util.c.
Published: 2017-04-29T20:59:00.000Z
--------------------------------------------------------------------------------
CVE ID: CVE-2017-8327
Summary: The bmpr_read_uncompressed function in imagew-bmp.c in libimageworsener.a in ImageWorsener before 1.3.1 allows remote attackers to cause a denial of service (memory consumption) via a crafted image.
Published: 2017-04-29T20:59:00.000Z
--------------------------------------------------------------------------------
CVE ID: CVE-2017-7962
Summary: The iwgif_read_image function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.
Published: 2017-04-19T15:59:00.000Z
--------------------------------------------------------------------------------
CVE ID: CVE-2017-7940
Summary: The iw_read_gif_file function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to consume an amount of available memory via a crafted file.
Published: 2017-04-18T19:59:00.000Z
--------------------------------------------------------------------------------
CVE ID: CVE-2017-7939
Summary: The read_next_pam_token function in imagew-pnm.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (stack-based buffer over-read) via a crafted file.
Published: 2017-04-18T19:59:00.000Z
--------------------------------------------------------------------------------
CVE ID: CVE-2017-7454
Summary: The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (heap-based buffer over-read) via a crafted file.
Published: 2017-04-06T00:59:00.000Z
--------------------------------------------------------------------------------
CVE ID: CVE-2017-7453
Summary: The iwgif_record_pixel function in imagew-gif.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Published: 2017-04-06T00:59:00.000Z
--------------------------------------------------------------------------------
CVE ID: CVE-2017-7452
Summary: The iwbmp_read_info_header function in imagew-bmp.c in libimageworsener.a in ImageWorsener 1.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted file.
Published: 2017-04-06T00:59:00.000Z
--------------------------------------------------------------------------------

This issue was resolved and addressed in GLSA 201706-06 at https://security.gentoo.org/glsa/201706-06 by GLSA coordinator Thomas Deutschmann (whissi).