Bug 639690 (CVE-2017-16938) - <media-gfx/optipng-0.7.6-r2: Global buffer overflow (CVE-2017-16938)
Summary: <media-gfx/optipng-0.7.6-r2: Global buffer overflow (CVE-2017-16938)
Status: RESOLVED FIXED
Alias: CVE-2017-16938
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa cve cleanup]
Keywords:
Depends on:
Blocks:
 
Reported: 2017-12-04 01:36 UTC by GLSAMaker/CVETool Bot
Modified: 2018-01-07 23:18 UTC

See Also:
Package list:
=media-gfx/optipng-0.7.6-r2
Runtime testing required: ---
stable-bot: sanity-check+


Description GLSAMaker/CVETool Bot gentoo-dev 2017-12-04 01:36:38 UTC
CVE-2017-16938 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-16938):
  A global buffer overflow in OptiPNG 0.7.6 allows remote attackers to cause a
  denial-of-service attack or other unspecified impact with a maliciously
  crafted GIF format file, related to an uncontrolled loop in the LZWReadByte
  function of the gifread.c file.
Comment 1 Christopher Díaz Riveros (RETIRED) gentoo-dev Security 2017-12-04 01:37:33 UTC
@Maintainer please let us know if we are affected. Call for stabilization when ready if that's the case.

Thank you.
Comment 2 Sebastian Pipping gentoo-dev 2017-12-04 19:45:19 UTC
commit 0da7381ee3668b7d015fc4082a001dcda0b94707
Author: Sebastian Pipping <sping@g.o>
Date:   Mon Dec 4 20:37:28 2017 +0100

    media-gfx/optipng: CVE-2017-16938
    
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 .../files/optipng-0.7.6-cve-2017-16938.patch       | 22 ++++++++
 media-gfx/optipng/optipng-0.7.6-r2.ebuild          | 59 ++++++++++++++++++++++
 2 files changed, 81 insertions(+)
[1]+  Done                    meld optipng-0.7.6-r{1,2}.ebuild

https://github.com/gentoo/gentoo/commit/0da7381ee3668b7d015fc4082a001dcda0b94707


(In reply to Christopher Díaz Riveros from comment #1)
> @Maintainer please let us know if we are affected.

Proof of concept file segfaults on amd64, no more crash with upstream patch.
Applied in Gentoo now.


(In reply to Christopher Díaz Riveros from comment #1)
> Call for stabilization when ready if that's the case.

Adding targets: amd64 ppc64 ppc x86

# eshowkw 
Keywords for media-gfx/optipng:
            |                                 |   u   |  
            | a a         p   a     n r     s |   n   |  
            | l m   h i   p   r m m i i s   p | e u s | r
            | p d a p a p c x m i 6 o s 3   a | a s l | e
            | h 6 r p 6 p 6 8 6 p 8 s c 9 s r | p e o | p
            | a 4 m a 4 c 4 6 4 s k 2 v 0 h c | i d t | o
------------+---------------------------------+-------+-------
   0.7.6-r1 | ~ + ~ o o + + + o o o o o o o o | 4 o 0 | gentoo
[I]0.7.6-r2 | ~ ~ ~ o o ~ ~ ~ o o o o o o o o | 6 o   | gentoo
Comment 3 Thomas Deutschmann (RETIRED) gentoo-dev 2017-12-08 20:39:59 UTC
x86 stable
Comment 4 Sergei Trofimovich (RETIRED) gentoo-dev 2017-12-10 23:01:00 UTC
ppc/ppc64 stable
Comment 5 Thomas Deutschmann (RETIRED) gentoo-dev 2017-12-14 16:49:39 UTC
Added to an existing GLSA.
Comment 6 Agostino Sarubbo gentoo-dev 2017-12-14 20:27:30 UTC
amd64 stable.

Maintainer(s), please cleanup.
Comment 7 Sebastian Pipping gentoo-dev 2018-01-03 19:37:01 UTC
(In reply to Agostino Sarubbo from comment #6)
> Maintainer(s), please cleanup.

commit f836c9c5676d9d55c4082ac0343122755ccdf9d9
Author: Sebastian Pipping <sping@g.o>
Date:   Wed Jan 3 20:36:06 2018 +0100

    media-gfx/optipng: Remove 0.7.6-r1 (bug 639690)
    
    Package-Manager: Portage-2.3.16, Repoman-2.3.6

 media-gfx/optipng/optipng-0.7.6-r1.ebuild | 56 -------------------------------
 1 file changed, 56 deletions(-)

https://github.com/gentoo/gentoo/commit/f836c9c5676d9d55c4082ac0343122755ccdf9d9
Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2018-01-07 23:18:00 UTC
This issue was resolved and addressed in
 GLSA 201801-02 at https://security.gentoo.org/glsa/201801-02
by GLSA coordinator Aaron Bauman (b-man).