Bug 1531397 (CVE-2017-1000422)
| Summary: | CVE-2017-1000422 gdk-pixbuf: Integer overflow in io-gif.c:gif_get_lzw() can lead to memory corruption and potential code execution | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Sam Fowler <sfowler> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | bruno, extras-orphan, kevin, mclasen, otte |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2018-01-22 04:45:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 1531399 | ||
|
Description
Sam Fowler
2018-01-05 05:31:58 UTC
Analysis: When rendering very large GIF files, gdk-pixbuf2 would previously fail after attempting to allocate memory because of a possible integer overflow, since frame_len * frame_height would be result in an overflow. https://git.gnome.org/browse/gdk-pixbuf/commit/?id=0012e06 (patch fixing this CVE) detects the overflow before attempting to allocate memory. Therefore essentially the flaw is already mitigated in the existing code. It is preferable to be able to detect an overflow before attempting memory, but not doing so should not be a flaw in itself. |