Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 839786 (CVE-2022-29536)

Summary: <www-client/epiphany-42.4: client buffer overflow via a long page title (CVE-2022-29536)
Product: Gentoo Security Reporter: filip ambroz <filip.ambroz>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: normal    
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://gitlab.gnome.org/GNOME/epiphany/-/merge_requests/1106
Whiteboard: A3 [glsa+]
Package list:
Runtime testing required: ---

Description filip ambroz 2022-04-21 07:18:10 UTC 
[CVE-2022-29536]
In GNOME Epiphany before 41.4 and 42.x before 42.2, an HTML document can trigger a client buffer overflow (in ephy_string_shorten) via a long page title. The issue occurs because the number of bytes for a UTF-8 ellipsis character is not properly considered.
Comment 1 Matt Turner gentoo-dev 2022-06-17 18:24:18 UTC 
All stable and cleaned.
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-06-18 13:38:28 UTC 
Thanks!
Comment 3 Larry the Git Cow gentoo-dev 2024-05-08 09:47:54 UTC 
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/data/glsa.git/commit/?id=7a69d7abb7e2d4eb863dde1c092868d0df7cccbd

commit 7a69d7abb7e2d4eb863dde1c092868d0df7cccbd
Author:     GLSAMaker <glsamaker@gentoo.org>
AuthorDate: 2024-05-08 09:47:31 +0000
Commit:     Hans de Graaff <graaff@gentoo.org>
CommitDate: 2024-05-08 09:47:50 +0000

    [ GLSA 202405-27 ] Epiphany: Buffer Overflow
    
    Bug: https://bugs.gentoo.org/839786
    Signed-off-by: GLSAMaker <glsamaker@gentoo.org>
    Signed-off-by: Hans de Graaff <graaff@gentoo.org>

 glsa-202405-27.xml | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)