Bug 732952 - Segfault in PutImagePixels32() while displaying malformed GIF
Summary: Segfault in PutImagePixels32() while displaying malformed GIF
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Fedora
Classification: Fedora
Component: pl
Version: 15
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Petr Pisar
QA Contact: Fedora Extras Quality Assurance
URL: http://www.swi-prolog.org/bugzilla/sh...
Whiteboard:
Depends On:
Blocks:
Reported: 2011-08-24 09:28 UTC by Petr Pisar
Modified: 2011-09-12 13:24 UTC

Fixed In Version: pl-5.10.5-2.fc17
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-09-12 13:24:36 UTC
Type: ---
Embargoed:


Links
System: Red Hat Bugzilla
ID: 727800
Private: 0
Priority: medium
Status: CLOSED
Summary: CVE-2011-2896 David Koblas' GIF decoder LZW decoder buffer overflow
Last Updated: 2021-02-24 14:58:49 UTC

Internal Links: 731944

Description Petr Pisar 2011-08-24 09:28:06 UTC
This is a fork of bug #727800, comment #17.

pl 5.10.2 and 5.10.5 affected. Other versions not yet tested.

Comment 1 Petr Pisar 2011-08-24 15:04:21 UTC
pl-5.7.11-6.fc14.x86_64 in Fedora affected too.

Comment 2 Petr Pisar 2011-08-24 15:06:30 UTC
Fixed in upstream xpce repository by two patches:

commit 4bc3a0a32132c04b11ad83f2b5847be83ab7364b
Author: Jan Wielemaker <J.Wielemaker.nl>
Date:   Wed Aug 24 14:40:31 2011 +0200

    SECURITY: Make sure all pixels are within the allocated colormap

commit 797226335ec47573f80e84d0fbdf1536292868d0
Author: Jan Wielemaker <J.Wielemaker.nl>
Date:   Wed Aug 24 14:08:17 2011 +0200

    SECURITY: Bug#9: Loading incomplete GIF files causes an invalid read. Petr P
    
    An incomplete image file causes part of the pixels to be uninitialised.
    As the pixels are entries in a colormap, this causes invalid reads.
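
The failure mode the two commit messages describe, shown as an added example that is not part of the original comment and is not xpce's code: a truncated image leaves pixel indices unset, and an index is then used to read a colormap. All type and function names are hypothetical, the input is constructed, and zero-filling the index buffer is an assumption about one way to close the uninitialised-pixel case.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical types and names for illustration; not taken from xpce. */
typedef struct { uint8_t r, g, b; } rgb_t;

/* Zero-filled index buffer: pixels a truncated stream never reaches hold
 * index 0 instead of uninitialised heap bytes. */
static uint8_t *alloc_indices(size_t w, size_t h)
{
    if (w == 0 || h == 0 || w > SIZE_MAX / h)
        return NULL;                  /* reject empty or overflowing sizes */
    return calloc(w * h, 1);
}

/* Map indices to colours, never reading outside cmap[0..ncolors-1].
 * Returns how many out-of-range indices were replaced by 0, -1 on bad input. */
static long indices_to_rgb(const uint8_t *idx, size_t npix,
                           const rgb_t *cmap, size_t ncolors, rgb_t *out)
{
    long clamped = 0;
    if (!idx || !cmap || !out || ncolors == 0)
        return -1;
    for (size_t i = 0; i < npix; i++) {
        size_t c = idx[i];
        if (c >= ncolors) { c = 0; clamped++; }   /* the bounds check */
        out[i] = cmap[c];
    }
    return clamped;
}

/* Constructed input: 4x2 image, 4-colour map, data ends after the first row
 * and one decoded index (200) points past the colormap. */
static long demo_truncated(rgb_t out[8])
{
    static const rgb_t cmap[4] = {{0,0,0},{255,0,0},{0,255,0},{0,0,255}};
    static const uint8_t decoded[4] = {1, 200, 3, 2};   /* first row only */
    uint8_t *idx = alloc_indices(4, 2);
    if (!idx) return -1;
    for (size_t i = 0; i < sizeof decoded; i++) idx[i] = decoded[i];
    long clamped = indices_to_rgb(idx, 8, cmap, 4, out);
    free(idx);
    return clamped;
}

int main(void) { rgb_t out[8]; printf("clamped=%ld\n", demo_truncated(out)); return 0; }
```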

Comment 3 Petr Pisar 2011-08-24 15:48:24 UTC
Fixed in F17 as pl-5.10.5-2.fc17.

Comment 4 Fedora Update System 2011-08-24 16:15:14 UTC
pl-5.10.2-5.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/pl-5.10.2-5.fc16

Comment 5 Fedora Update System 2011-08-24 16:17:53 UTC
pl-5.10.2-5.fc15 has been submitted as an update for Fedora 15.
https://admin.fedoraproject.org/updates/pl-5.10.2-5.fc15

Comment 6 Fedora Update System 2011-08-24 16:21:50 UTC
pl-5.7.11-7.fc14 has been submitted as an update for Fedora 14.
https://admin.fedoraproject.org/updates/pl-5.7.11-7.fc14

Comment 7 Fedora Update System 2011-09-08 07:07:22 UTC
pl-5.10.2-5.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2011-09-08 07:10:12 UTC
pl-5.7.11-7.fc14 has been pushed to the Fedora 14 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 9 Fedora Update System 2011-09-09 17:09:23 UTC
pl-5.10.2-5.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

