Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 852481 - (CVE-2015-2785) CVE-2015-2785 byzanz: Out-of heap-based buffer write in GIF encoder
CVE-2015-2785 byzanz: Out-of heap-based buffer write in GIF encoder
Status: CLOSED WONTFIX
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
unspecified
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
impact=moderate,public=20150206,repor...
: Security
Depends On:
Blocks: 852484
  Show dependency treegraph
 
Reported: 2012-08-28 12:53 EDT by Jan Lieskovsky
Modified: 2015-05-15 17:31 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2015-04-09 00:49:02 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Jan Lieskovsky 2012-08-28 12:53:44 EDT 
Out-of heap-based buffer write flaw was found in the way Graphics Interchange Format (GIF) image format encoder of Byzanz, a desktop recorder, performed encoding of certain Byzanz debug data recordings (ByzanzRecording files) into GIF images. A remote attacker could provide a specially-crafted Byzanz debug data recording file that, when opened in byzanz-playback executable would lead to that executable crash or, potentially, arbitrary code execution with the privileges of the user running the byzanz-playback binary.

This issue was found by: Murray McAllister, Red Hat Security Response Team
Comment 2 Jan Lieskovsky 2012-08-28 13:19:18 EDT 
This issue affects the version of the byzanz package, as shipped with Red Hat Enterprise Linux 6.

--

This issue affects the versions of the byzanz package, as shipped with Fedora release of 16 and 17.
Comment 6 Salvatore Bonaccorso 2015-02-16 01:12:16 EST 
Hi Jan,

(In reply to Jan Lieskovsky from comment #0)
> Out-of heap-based buffer write flaw was found in the way Graphics
> Interchange Format (GIF) image format encoder of Byzanz, a desktop recorder,
> performed encoding of certain Byzanz debug data recordings (ByzanzRecording
> files) into GIF images. A remote attacker could provide a specially-crafted
> Byzanz debug data recording file that, when opened in byzanz-playback
> executable would lead to that executable crash or, potentially, arbitrary
> code execution with the privileges of the user running the byzanz-playback
> binary.
> 
> This issue was found by: Murray McAllister, Red Hat Security Response Team

Are there more information which you could share? I see Bug 852484 is at least restricted. Are there patches available for this issue in byzanz?

Regards,
Salvatore
Comment 7 Jan Lieskovsky 2015-02-16 05:53:41 EST 
(In reply to Salvatore Bonaccorso from comment #6)
> Hi Jan,
> 
> (In reply to Jan Lieskovsky from comment #0)
> > Out-of heap-based buffer write flaw was found in the way Graphics
> > Interchange Format (GIF) image format encoder of Byzanz, a desktop recorder,
> > performed encoding of certain Byzanz debug data recordings (ByzanzRecording
> > files) into GIF images. A remote attacker could provide a specially-crafted
> > Byzanz debug data recording file that, when opened in byzanz-playback
> > executable would lead to that executable crash or, potentially, arbitrary
> > code execution with the privileges of the user running the byzanz-playback
> > binary.
> > 
> > This issue was found by: Murray McAllister, Red Hat Security Response Team
> 
> Are there more information which you could share? I see Bug 852484 is at
> least restricted. Are there patches available for this issue in byzanz?

Hello Salvatore,

  I am not part of Red Hat Product Security Team any more (=> can't share progress done on this issue with you). Please contact secalert@redhat.com for further issue details.

Thank you && Regards, Jan.
--
Jan iankko Lieskovsky / Red Hat Security Technologies Team

> 
> Regards,
> Salvatore
Comment 8 Kurt Seifried 2015-04-09 00:49:02 EDT 
Statement:

This issue affects the versions of byzanz as shipped with Red Hat Enterprise Linux 6. Red Hat Product Security has rated this issue as having Moderate security impact. A future update may address this issue. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.
Comment 9 Fabio Olive Leite 2015-05-04 22:54:20 EDT 
Hello Salvatore,

(In reply to Salvatore Bonaccorso from comment #6)
> 
> Are there more information which you could share? I see Bug 852484 is at
> least restricted. Are there patches available for this issue in byzanz?

Are you still looking for more information on this bug? I see that the needinfo flag was set to a generic internal address so nobody got a notification when it was set.

Thank you for your attention,
Fábio Olivé
Comment 10 Markus Koschany 2015-05-15 17:31:50 EDT 
(In reply to Fabio Olive Leite from comment #9)
> Hello Salvatore,
> 
> (In reply to Salvatore Bonaccorso from comment #6)
> > 
> > Are there more information which you could share? I see Bug 852484 is at
> > least restricted. Are there patches available for this issue in byzanz?
> 
> Are you still looking for more information on this bug? I see that the
> needinfo flag was set to a generic internal address so nobody got a
> notification when it was set.

Hello,

I'm the Debian maintainer of byzanz. CVE-2015-2785 was assigned to this bug report but we still don't know anything about the vulnerability. What part of the code is affected? Can someone provide a test case? Are there any patches available?

Regards,

Markus Koschany
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.