Bug 246522 - media-gfx/optipng < 0.6.2 bmp buffer overflow (CVE-2008-5101)
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://secunia.com/Advisories/32651/
Whiteboard: B2 [glsa]
Reported: 2008-11-12 18:26 UTC by Hanno Böck
Modified: 2008-12-02 17:26 UTC

Description Hanno Böck gentoo-dev 2008-11-12 18:26:32 UTC
See Secunia advisory:
http://secunia.com/Advisories/32651/

We already have 0.6.2 in the tree, so we only need to stabilize it; arches CC'ed.
Comment 1 Christian Hoffmann (RETIRED) gentoo-dev 2008-11-12 22:03:38 UTC
Arches, please test and stabilize:
  =media-gfx/optipng-0.6.2

Target keywords: alpha amd64 ppc x86
Comment 2 Markus Meier gentoo-dev 2008-11-15 10:30:17 UTC
amd64/x86 stable
Comment 3 Raúl Porcel (RETIRED) gentoo-dev 2008-11-15 11:47:33 UTC
alpha stable
Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev 2008-11-15 18:16:31 UTC
ppc stable
Comment 5 Stefan Behte (RETIRED) gentoo-dev Security 2008-11-18 15:09:35 UTC
CVE-2008-5101 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5101):
  Buffer overflow in the BMP reader in OptiPNG 0.6 and 0.6.1 allows
  user-assisted attackers to execute arbitrary code via a crafted BMP
  image, related to an "array overflow."

Comment 6 Tobias Heinlein (RETIRED) gentoo-dev 2008-11-22 17:38:19 UTC
GLSA request filed.
Comment 7 Robert Buchholz (RETIRED) gentoo-dev 2008-12-02 17:26:17 UTC
GLSA 200812-01