Bug 1277344 (CVE-2015-7189)

Summary:	CVE-2015-7189 Mozilla: Buffer overflow during image interactions in canvas (MFSA 2015-123)
Product:	[Other] Security Response	Reporter:	Huzaifa S. Sidhpurwala <huzaifas>
Component:	vulnerability	Assignee:	Red Hat Product Security <security-response-team>
Status:	CLOSED ERRATA	QA Contact:
Severity:	medium	Docs Contact:
Priority:	medium
Version:	unspecified	CC:	cschalle, jhorak, jrusnack, security-response-team, stransky
Target Milestone:	---	Keywords:	Security
Target Release:	---
Hardware:	All
OS:	Linux
Whiteboard:
Fixed In Version:		Doc Type:	Bug Fix
Doc Text:		Story Points:	---
Clone Of:		Environment:
Last Closed:	2015-11-26 15:10:54 UTC	Type:	---
Regression:	---	Mount Type:	---
Documentation:	---	CRM:
Verified Versions:		Category:	---
oVirt Team:	---	RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---	Target Upstream Version:
Embargoed:
Bug Depends On:
Bug Blocks:	1275590

Description Huzaifa S. Sidhpurwala 2015-11-03 05:54:43 UTC

Security researcher Looben Yang reported a buffer overflow in the JPEGEncoder function during script interactions with a canvas element. This is caused by a race condition and incorrectly matched sizes following image interactions. This leads to a potentially exploitable crash. 


External Reference:

https://www.mozilla.org/security/announce/2015/mfsa2015-123.html


Acknowledgements:

Red Hat would like to thank the Mozilla project for reporting this issue. Upstream acknowledges Looben Yang as the original reporter.

Comment 1 errata-xmlrpc 2015-11-04 12:11:56 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 5

Via RHSA-2015:1982 https://rhn.redhat.com/errata/RHSA-2015-1982.html

Comment 2 errata-xmlrpc 2015-11-26 13:41:37 UTC

This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6
  Red Hat Enterprise Linux 7

Via RHSA-2015:2519 https://rhn.redhat.com/errata/RHSA-2015-2519.html