There are several possible integer overflows in the PNG handling code in Cairo, at least one of which can be caused by user controlled values when opening large images, possibly leading to a buffer overflow.
Upstream fixes are here:
According to upstream, a 1.4.12 release is pending.
Please commit a patched bump to 1.4.10, or 1.4.12 as soon as it's out.
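As an added illustration of the bug class the report describes (this is not Cairo's code and not taken from the upstream fixes): a hypothetical image-buffer size computation done in 32-bit arithmetic, beside an overflow-checked version. The image dimensions below are constructed; a 65536 x 65537 pixel image at 4 bytes per pixel needs 2^34 + 2^18 bytes, but the naive product wraps to 256 KiB, so a buffer sized that way would be overrun as soon as the rows are written into it.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical naive helper: width * height * bytes_per_pixel in
 * 32-bit unsigned arithmetic. Unsigned overflow is defined in C, so
 * this silently wraps modulo 2^32 instead of failing. */
uint32_t naive_image_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hypothetical checked helper: returns the byte size, or 0 if any
 * dimension is zero, an intermediate product would not fit in size_t,
 * or the result exceeds an application-chosen cap (max_bytes). */
size_t checked_image_size(uint32_t width, uint32_t height, uint32_t bpp,
                          size_t max_bytes)
{
    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    /* stride = width * bpp, checked before multiplying */
    if ((size_t)width > SIZE_MAX / bpp)
        return 0;
    size_t stride = (size_t)width * bpp;
    /* total = stride * height, checked before multiplying */
    if ((size_t)height > SIZE_MAX / stride)
        return 0;
    size_t total = stride * height;
    if (total > max_bytes)
        return 0;
    return total;
}

int main(void)
{
    /* Constructed attacker-controlled dimensions from a PNG header. */
    uint32_t w = 65536u, h = 65537u, bpp = 4u;
    size_t cap = (size_t)256u << 20; /* 256 MiB, an arbitrary example cap */

    printf("naive size for %ux%u@%u: %u bytes (wrapped)\n",
           w, h, bpp, naive_image_size(w, h, bpp));
    printf("checked size: %zu (0 means rejected)\n",
           checked_image_size(w, h, bpp, cap));
    printf("checked size for 640x480@4: %zu\n",
           checked_image_size(640u, 480u, 4u, cap));
    return 0;
}
```

The check divides before multiplying so that no intermediate product can wrap; the cap is a separate policy decision, since a size that fits in size_t on a 64-bit host can still be an unreasonable allocation request.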
Ebuild is in the tree
Public per $URL.
Arches, please test and mark stable x11-libs/cairo-1.4.12.
Target keywords : "alpha amd64 arm hppa ia64 mips ppc ppc64 s390 sh sparc x86"
I assume 1.5.2 is also affected? If so, there hopefully is a ported fix in the development branch.
Stable for HPPA.
(In reply to comment #3)
> I assume 1.5.2 is also affected? If so, there hopefully is a ported fix in the
> development branch.
The fixes from the two diffs are already in 1.5.2, except those relating to pixman.
*** Bug 201298 has been marked as a duplicate of this bug. ***
glsa request filed
True, for the 1.5 master the changes were introduced a long time ago:
Does not affect current (2008.0) release. Removing release.