Bug 611666 - x11-libs/gdk-pixbuf: (CVE-2017-6314) Infinite loop in io-tiff.c with large size
Summary: x11-libs/gdk-pixbuf: (CVE-2017-6314) Infinite loop in io-tiff.c with large size
Status: RESOLVED DUPLICATE of bug 611390
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo Security
URL: https://bugzilla.gnome.org/show_bug.c...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2017-03-04 01:37 UTC by Ian Zimmerman
Modified: 2017-03-04 10:59 UTC
0 users

See Also:
Package list:
Runtime testing required: ---


Description Ian Zimmerman 2017-03-04 01:37:39 UTC
According to the upstream tracker (see ${URL}):

The bug is in the function make_available_at_least (line 499).
See the following lines:

if (need_alloc > context->allocated) {
    guint new_size = 1;
    while (new_size < need_alloc)
        new_size *= 2;
...

new_size starts at 1 and is multiplied until it is larger than or equal to need_alloc. If need_alloc is larger than 2^31, new_size will become 2^31, be multiplied by 2, and become 0. This would lead to an infinite loop.


Reproducible: Always
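
An added example, not part of the original report or of the gdk-pixbuf source: a bounded model of the quoted loop next to a checked variant that refuses a doubling that would wrap. The function names, the step limit and the use of uint32_t in place of guint are assumptions made for the illustration, and the checked variant is one possible guard, not the upstream fix.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumption: guint is a 32-bit unsigned integer, modelled as uint32_t. */

/* The quoted loop, with a hypothetical step limit so that the
 * non-terminating case returns false instead of hanging. */
bool grow_quoted(uint32_t need_alloc, unsigned max_steps, uint32_t *out)
{
    uint32_t new_size = 1;
    unsigned steps = 0;
    while (new_size < need_alloc) {
        if (steps++ == max_steps)
            return false;   /* the unbounded original would spin here */
        new_size *= 2;      /* 2^31 * 2 wraps to 0, and 0 * 2 stays 0 */
    }
    *out = new_size;
    return true;
}

/* Checked variant: stop before a doubling that would wrap. */
bool grow_checked(uint32_t need_alloc, uint32_t *out)
{
    uint32_t new_size = 1;
    while (new_size < need_alloc) {
        if (new_size > UINT32_MAX / 2)
            return false;   /* no 32-bit power of two is large enough */
        new_size *= 2;
    }
    *out = new_size;
    return true;
}

int main(void)
{
    /* Constructed inputs: small, exactly 2^31, and just above 2^31. */
    const uint32_t inputs[] = { 1000u, 0x80000000u, 0x80000001u };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++) {
        uint32_t q = 0, c = 0;
        bool q_ok = grow_quoted(inputs[i], 64, &q);
        bool c_ok = grow_checked(inputs[i], &c);
        printf("need_alloc=%u quoted=%s(%u) checked=%s(%u)\n",
               (unsigned)inputs[i], q_ok ? "ends" : "loops", (unsigned)q,
               c_ok ? "ok" : "rejected", (unsigned)c);
    }
    return 0;
}
```

A caller of the checked variant has to treat a false return as a failed load rather than retrying with the same size.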
Comment 1 Agostino Sarubbo gentoo-dev 2017-03-04 10:59:38 UTC

*** This bug has been marked as a duplicate of bug 611390 ***