[Pkg-phototools-devel] Bug#801700: optipng: CVE-2015-7802: Buffer overflow in global memory
Ben Hutchings
ben at decadent.org.uk
Tue Oct 13 21:59:06 UTC 2015
Control: tag -1 - security
On Tue, 13 Oct 2015 17:39:02 +0200 Salvatore Bonaccorso <carnil at debian.org> wrote:
> Source: optipng
> Version: 0.7.5-1
> Severity: important
> Tags: security upstream
>
> Hi,
>
> the following vulnerability was published for optipng.
>
> CVE-2015-7802[0]:
> Buffer overflow in global memory
>
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
>
> For further information see:
>
> [0] https://security-tracker.debian.org/tracker/CVE-2015-7802
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1265956
> [2] https://marc.info/?l=oss-security&m=144300993420279&w=2
This isn't even a security flaw, it's just crap code. LZWGetCode()
will *always* read the 2 bytes before the static buffer the first time
it's called with flag == 0.
Ben.
--
Ben Hutchings
Anthony's Law of Force: Don't force it, get a larger hammer.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 811 bytes
Desc: This is a digitally signed message part
URL: <http://lists.alioth.debian.org/pipermail/pkg-phototools-devel/attachments/20151013/4ef46ecf/attachment.sig>
More information about the Pkg-phototools-devel
mailing list