Bug 1138468 (CVE-2015-7557)

Summary: VUL-0: CVE-2015-7557,CVE-2015-7558: librsvg: librsvg2: Out-of-bounds heap read when parsing SVG file
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Federico Mena Quintero <federico>
Status: RESOLVED INVALID QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: smash_bz, sreeves
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
URL: https://smash.suse.de/issue/160016/
Whiteboard:
Found By: Security Response Team Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Marcus Meissner 2019-06-17 15:14:48 UTC
rh#1268239

It was reported that out-of-band heap read is performed in librsvg2 when parsing SVG file.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1268243
https://bugzilla.redhat.com/show_bug.cgi?id=1268239
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7557
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7558
http://www.openwall.com/lists/oss-security/2017/02/15/4
http://seclists.org/oss-sec/2015/q4/549
http://seclists.org/oss-sec/2016/q2/175
http://www.openwall.com/lists/oss-security/2016/09/29/28
http://www.openwall.com/lists/oss-security/2017/08/20/1
http://www.openwall.com/lists/oss-security/2017/04/16/4
http://www.openwall.com/lists/oss-security/2017/05/01/14
http://www.openwall.com/lists/oss-security/2016/04/30/3
http://seclists.org/oss-sec/2016/q2/483
http://www.openwall.com/lists/oss-security/2013/03/22/10
http://www.openwall.com/lists/oss-security/2015/10/27/3
http://seclists.org/oss-sec/2016/q2/344
http://www.openwall.com/lists/oss-security/2015/12/21/5
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=361540
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7558.html
http://www.debian.org/security/2016/dsa-3584
http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-7557.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14121
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-9230
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8069
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7557
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7558
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14120
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14122
http://cve.mitre.org/cve/request_id.html
https://git.gnome.org/browse/librsvg/commit/rsvg-shapes.c?id=40af93e6eb1c94b90c3b9a0b87e0840e126bb8df
https://git.gnome.org/browse/librsvg/commit/?id=a51919f7e1ca9c535390a746fbf6e28c8402dc61
https://git.gnome.org/browse/librsvg/tree/NEWS
Comment 2 Federico Mena Quintero 2019-06-21 18:09:49 UTC
This is not useful, sorry.  The referenced bugs are fixed in very old versions.