Created attachment 1060748: sample for reproducing crash

Description of problem:
Recently I reported a use-after-free issue in Decoder.cpp to upstream, and it has been fixed by upstream. The problem is due to a lack of validation of ColorTableSize. The bug was fixed by upstream:
https://sourceforge.net/p/libpgf/code/147/
https://sourceforge.net/p/libpgf/code/148/

Version-Release number of selected component (if applicable):
Versions before 6.15.32

How reproducible:
In the upstream repo, there is a proof-of-concept utility (https://sourceforge.net/p/libpgf/code/HEAD/tree/trunk/pgf; note: the bug is in the library, not in this utility). Issue the following command with the attached crash.pgf:
$ ./libpgf-code-136-trunk/pgf/build/src/pgf -d crash.pgf out.gif
libpgf-6.14.12-4.fc23 has been submitted as an update for Fedora 23. https://admin.fedoraproject.org/updates/libpgf-6.14.12-4.fc23
libpgf-6.14.12-4.el7 has been submitted as an update for Fedora EPEL 7. https://admin.fedoraproject.org/updates/libpgf-6.14.12-4.el7
Package libpgf-6.14.12-4.el7:
* should fix your issue,
* was pushed to the Fedora EPEL 7 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=epel-testing libpgf-6.14.12-4.el7'
as soon as you are able to. Please go to the following URL:
https://admin.fedoraproject.org/updates/FEDORA-EPEL-2015-7600/libpgf-6.14.12-4.el7
then log in and leave karma (feedback).
libpgf-6.14.12-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
CVE assignment: http://seclists.org/oss-sec/2015/q3/437
libpgf-6.14.12-4.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.