Bug 200350 (CVE-2007-5503) - x11-libs/cairo <1.4.12 Buffer overflow in read_png() (CVE-2007-5503)
Summary: x11-libs/cairo <1.4.12 Buffer overflow in read_png() (CVE-2007-5503)
Alias: CVE-2007-5503
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
Whiteboard: B2 [glsa]
Duplicates: 201298
Reported: 2007-11-26 00:36 UTC by Robert Buchholz (RETIRED)
Modified: 2020-04-04 08:30 UTC (History)
Runtime testing required: ---
Description Robert Buchholz (RETIRED) gentoo-dev 2007-11-26 00:36:39 UTC
There are several possible integer overflows in the PNG handling code in Cairo, at least one of which can be caused by user-controlled values when opening large images, possibly leading to a buffer overflow.

Upstream fixes are here:
;a=commitdiff;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
;a=commitdiff;h=e49bcde27f88e21d5b8037a0089a226096f6514b

According to upstream, a 1.4.12 release is pending.
Please commit a patched bump to 1.4.10, or 1.4.12 as soon as it's out.
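The bug class the report describes, shown as an added illustration (this is constructed example code, not cairo's read_png() and not the upstream patch): a PNG reader takes width and height from the untrusted IHDR chunk, computes the pixel buffer size in 32-bit arithmetic, the product wraps modulo 2^32, and the undersized allocation is later overrun when the rows are written. The hardened variant checks each multiplication before performing it and bounds the result with a policy cap. Function names, the 256 MiB cap and the sample dimensions are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define BYTES_PER_PIXEL 4u   /* ARGB32 */

/* Vulnerable pattern (constructed, not cairo's code): width and height
 * come straight from the untrusted IHDR chunk, and the byte count is
 * computed in 32-bit unsigned arithmetic. For large dimensions the
 * product wraps modulo 2^32, so malloc() receives a small number while
 * the row-copy loop later writes the full image into it. */
uint32_t vuln_buffer_size(uint32_t width, uint32_t height)
{
    uint32_t stride = width * BYTES_PER_PIXEL;   /* may wrap */
    return stride * height;                      /* may wrap again */
}

/* Hardened pattern: reject zero dimensions, check each multiplication
 * against SIZE_MAX before performing it, and cap the result so an
 * arithmetically valid but absurd image cannot exhaust memory.
 * Returns the byte count, or 0 if the dimensions are rejected
 * (0 is never a valid size because zero dimensions are refused). */
size_t safe_buffer_size(uint32_t width, uint32_t height, size_t max_bytes)
{
    size_t w = width, h = height;

    if (w == 0 || h == 0)
        return 0;
    if (w > SIZE_MAX / BYTES_PER_PIXEL)
        return 0;
    size_t stride = w * BYTES_PER_PIXEL;
    if (h > SIZE_MAX / stride)
        return 0;
    size_t total = stride * h;
    if (total > max_bytes)
        return 0;
    return total;
}

/* Allocation as the hardened reader would do it: NULL means "refuse
 * the file", never "allocate something smaller and hope". */
unsigned char *alloc_pixels(uint32_t width, uint32_t height, size_t max_bytes)
{
    size_t n = safe_buffer_size(width, height, max_bytes);
    if (n == 0)
        return NULL;
    return calloc(n, 1);
}

int main(void)
{
    /* Constructed header values: 65536 x 65537 ARGB32 pixels need
     * 17,180,000,256 bytes, but the 32-bit arithmetic yields 262144. */
    uint32_t evil_w = 65536u, evil_h = 65537u;
    uint32_t sane_w = 640u,   sane_h = 480u;
    size_t cap = (size_t)256u << 20;             /* assumed 256 MiB policy cap */

    printf("32-bit size for %ux%u: %u bytes (wrapped)\n",
           evil_w, evil_h, vuln_buffer_size(evil_w, evil_h));
    printf("checked size for %ux%u: %zu (0 = rejected)\n",
           evil_w, evil_h, safe_buffer_size(evil_w, evil_h, cap));
    printf("checked size for %ux%u: %zu bytes\n",
           sane_w, sane_h, safe_buffer_size(sane_w, sane_h, cap));

    unsigned char *px = alloc_pixels(sane_w, sane_h, cap);
    if (px) {
        memset(px, 0xff, safe_buffer_size(sane_w, sane_h, cap));
        free(px);
    }
    return 0;
}
```

The point of the checked version is that the decision to refuse is made on the header alone, before any allocation or decoding, and that the check is done per multiplication: checking only the final product is not enough once an intermediate value (here the stride) has already wrapped.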
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2007-11-29 19:39:29 UTC
Ebuild is in the tree
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2007-11-29 20:21:35 UTC
Public per $URL.
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2007-11-29 20:26:49 UTC
Arches, please test and mark stable x11-libs/cairo-1.4.12.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"

I assume 1.5.2 is also affected? If so, there hopefully is a ported fix in the development branch.
Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2007-11-30 13:07:24 UTC
x86 stable
Comment 5 Markus Rothe (RETIRED) gentoo-dev 2007-11-30 13:32:39 UTC
ppc64 stable
Comment 6 Jeroen Roovers (RETIRED) gentoo-dev 2007-11-30 14:09:59 UTC
Stable for HPPA.
Comment 7 Steve Dibb (RETIRED) gentoo-dev 2007-11-30 20:29:06 UTC
amd64 stable
Comment 8 Tobias Scherbaum (RETIRED) gentoo-dev 2007-11-30 22:40:40 UTC
ppc stable
Comment 9 Ewgenij Starostin 2007-12-01 01:55:18 UTC
(In reply to comment #3)
> I assume 1.5.2 is also affected? If so, there hopefully is a ported fix in the
> development branch.
The fixes from the two diffs are already in 1.5.2, except those relating to pixman.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2007-12-04 12:28:31 UTC
alpha/ia64/sparc stable
Comment 11 Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 23:42:36 UTC
*** Bug 201298 has been marked as a duplicate of this bug. ***
Comment 12 Robert Buchholz (RETIRED) gentoo-dev 2007-12-04 23:44:22 UTC
glsa request filed
Comment 13 Robert Buchholz (RETIRED) gentoo-dev 2007-12-05 01:23:42 UTC
True, for the 1.5 master the changes were introduced a long time ago:
;a=commit;h=5c7d2d14d78e4dfb1ef6d2c40f0910f177e07360
Comment 14 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-09 21:04:03 UTC
GLSA 200712-04
Comment 15 Peter Volkov (RETIRED) gentoo-dev 2008-03-06 09:51:57 UTC
Does not affect current (2008.0) release. Removing release.