Stack-based buffer overflow in libpixman, as used in Pale Moon before 15.4, has unspecified impact and attack vectors. The upstream commit to correct this flaw: http://cgit.freedesktop.org/pixman/commit/?id=de60e2e0e3eb6084f8f14b63f25b3cbfb012943f The affected code (pixman/pixman-inlines.h, fast_composite_scaled_bilinear()) is present in the version of pixmap shipped with Fedora 17 (0.24.4), but is not present in Red Hat Enterprise Linux 5 or 6 (the fast_composite_scaled_bilinear() function is in pixman/pixman-fast-path.h, but the vulnerable code is not there and I don't detect anything comparable). So it's likely that the vulnerable code was introduced after 0.22.0.
Created pixman tracking bugs for this issue Affects: fedora-all [bug 910152]
pixman-0.28.0-1.fc18 has been pushed to the Fedora 18 stable repository. If problems still persist, please make note of it in this bug report.
pixman-0.28.0-1.fc17 has been pushed to the Fedora 17 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products: Red Hat Enterprise Linux 6 Via RHSA-2013:0687 https://rhn.redhat.com/errata/RHSA-2013-0687.html
Statement: This issue did not affect the versions of pixman as shipped with Red Hat Enterprise Linux 5 as it did not contain the vulnerable code.
This issue has been addressed in following products: RHEV-H and Agents for RHEL-6 Via RHSA-2013:0746 https://rhn.redhat.com/errata/RHSA-2013-0746.html