Bug 16367 - gdk-pixbuf heap overflow and DoS
Summary: gdk-pixbuf heap overflow and DoS
Status: RESOLVED FIXED
Alias: None
Product: Mageia
Classification: Unclassified
Component: Security
Version: 5
Hardware: All Linux
Priority: Normal major
Target Milestone: ---
Assignee: QA Team
QA Contact: Sec team
URL:
Whiteboard: MGA5-64-OK advisory
Keywords: validated_update
Depends on:
Blocks:
 
Reported: 2015-07-13 15:24 CEST by Olav Vitters
Modified: 2015-08-13 22:57 CEST

See Also:
Source RPM: gdk-pixbuf2.0-2.31.2-2.mga5.src.rpm
CVE:
Status comment:


Description Olav Vitters 2015-07-13 15:24:36 CEST
Report:
https://bugzilla.gnome.org/show_bug.cgi?id=752297

Patch:
https://git.gnome.org/browse/gdk-pixbuf/commit/?id=ffec86e

I think this affects gdk-pixbuf 2.31 and above. Not sure which version is on Mageia 5.

Comment 1 Olav Vitters 2015-07-13 15:27:01 CEST
Mageia 5 has gdk-pixbuf2.0-2.31.2-2.mga5.src.rpm so probably affected.

Version: Cauldron => 5

Sander Lepik 2015-07-18 21:54:01 CEST

CC: (none) => mageia
Source RPM: gdk-pixbuf => gdk-pixbuf2.0-2.31.2-2.mga5.src.rpm

Comment 2 David Walser 2015-07-19 22:59:47 CEST
Fixed in Mageia 5 SVN.

CVE request:
http://openwall.com/lists/oss-security/2015/07/17/17

CC: (none) => luigiwalser

Thierry Vignaud 2015-07-31 09:34:26 CEST

CC: (none) => olav, thierry.vignaud

Comment 3 David Walser 2015-08-13 14:55:51 CEST
Apparently this is the CVE-2015-4491 issue that was fixed in Firefox 38.2:
http://openwall.com/lists/oss-security/2015/08/13/2

Advisory:
========================

Updated gdk-pixbuf packages fix security vulnerability:

Security researcher Gustavo Grieco reported a heap overflow in gdk-pixbuf.
This issue is triggered by the scaling of a malformed bitmap format image and
results in a potentially exploitable crash (CVE-2015-4491).

References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4491
https://www.mozilla.org/en-US/security/advisories/mfsa2015-88/
http://openwall.com/lists/oss-security/2015/08/13/2
========================

Updated packages in core/updates_testing:
========================
gdk-pixbuf2.0-2.31.2-2.1.mga5
libgdk_pixbuf2.0_0-2.31.2-2.1.mga5
libgdk_pixbuf2.0-devel-2.31.2-2.1.mga5
libgdk_pixbuf-gir2.0-2.31.2-2.1.mga5

from gdk-pixbuf2.0-2.31.2-2.1.mga5.src.rpm

Assignee: bugsquad => qa-bugs

Comment 4 Lewis Smith 2015-08-13 21:45:26 CEST
Testing Mageia 5 x64, using:
 firefox-38.2.0-1.mga5 (just updated)
This update:
 lib64gdk_pixbuf2.0_0-2.31.2-2.1.mga5
 lib64gdk_pixbuf-gir2.0-2.31.2-2.1.mga5
 gdk-pixbuf2.0-2.31.2-2.1.mga5

Looked at flickr.com, just photographs. No problems.
OK.

CC: (none) => lewyssmith
Whiteboard: (none) => MGA5-64-OK

Dave Hodgins 2015-08-13 22:14:54 CEST

Keywords: (none) => validated_update
Whiteboard: MGA5-64-OK => MGA5-64-OK advisory
CC: (none) => davidwhodgins, sysadmin-bugs

Comment 5 Mageia Robot 2015-08-13 22:57:20 CEST
An update for this issue has been pushed to Mageia Updates repository.

http://advisories.mageia.org/MGASA-2015-0313.html

Status: NEW => RESOLVED
Resolution: (none) => FIXED

