Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 255217 (CVE-2008-5262) - media-libs/devil<1.7.7 Multiple buffer overflows (CVE-2008-5262)
Summary: media-libs/devil<1.7.7 Multiple buffer overflows (CVE-2008-5262)
Status: RESOLVED FIXED
Alias: CVE-2008-5262
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal
Assignee: Gentoo Security
URL: http://secunia.com/secunia_research/2...
Whiteboard: B2 [glsa]
Keywords:
: 258748 (view as bug list)
Depends on: 258748
Blocks:
  Show dependency tree
 
Reported: 2009-01-16 22:48 UTC by Stefan Behte (RETIRED)
Modified: 2009-03-06 22:45 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Behte (RETIRED) gentoo-dev Security 2009-01-16 22:48:02 UTC
CVE-2008-5262 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-5262):
  Multiple stack-based buffer overflows in the iGetHdrHeader function
  in src-IL/src/il_hdr.c in DevIL 1.7.4 allow context-dependent
  attackers to execute arbitrary code via a crafted Radiance RGBE file.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2009-01-18 12:15:46 UTC
The upstream patch is off-by-one, as reported by Nico Golde in http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=512122
Comment 2 Mr. Bones. (RETIRED) gentoo-dev 2009-02-12 18:19:46 UTC
Added devil-1.7.7 to the tree and put in a stablereq bug (bug #258748).
Comment 3 Robert Buchholz (RETIRED) gentoo-dev 2009-02-12 19:39:19 UTC
*** Bug 258748 has been marked as a duplicate of this bug. ***
Comment 4 Robert Buchholz (RETIRED) gentoo-dev 2009-02-12 19:40:15 UTC
Arches, please test and mark stable:
=media-libs/devil-1.7.7
Target keywords : "amd64 ia64 ppc sparc x86"
Comment 5 Markus Meier gentoo-dev 2009-02-14 20:51:56 UTC
amd64/x86 stable
Comment 6 Raúl Porcel (RETIRED) gentoo-dev 2009-02-16 14:21:04 UTC
ia64/sparc stable
Comment 7 Tobias Scherbaum (RETIRED) gentoo-dev 2009-02-25 16:15:40 UTC
ppc stable
Comment 8 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-05 20:18:14 UTC
GLSA request filed.
Comment 9 Tobias Heinlein (RETIRED) gentoo-dev 2009-03-06 22:45:40 UTC
GLSA 200903-04, thanks everyone, sorry about the delay.