Bugzilla – Full Text Bug Listing
| Summary: | VUL-0: CVE-2005-3350: libungif crashes | | |
|---|---|---|---|
| Product: | [Novell Products] SUSE Security Incidents | Reporter: | Marcus Meissner <meissner> |
| Component: | Incidents | Assignee: | Security Team bot <security-team> |
| Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
| Severity: | Major | | |
| Priority: | P5 - None | CC: | nadvornik, security-team |
| Version: | unspecified | | |
| Target Milestone: | --- | | |
| Hardware: | Other | | |
| OS: | Other | | |
| Whiteboard: | CVE-2005-3350: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P) | | |
| Found By: | Other | Services Priority: | |
| Business Priority: | | Blocker: | --- |
| Marketing QA Status: | --- | IT Deployment: | --- |
| Attachments: | fix for memleak | | |
Comment 1
Ludwig Nussel
2005-10-21 15:43:54 UTC
2 local non-root user
+1 default package
+1 default active
-1 user interaction
+1 command execution
Total Score: 4 (Moderate)

libungif packages are submitted for sles8, sles9 and 9.0
giflib packages are submitted for 9.2-10.0

The patch, especially the one for giflib, contains unneeded stuff. I also believe the fix introduces a memleak in the error case. Will investigate further.

Created attachment 55820
fix for memleak

newer libungif already have that fix. I'd suggest to include it in our versions. The patches for giflib contain unrelated changes but should be fine.

I added the memory leak fix to libungif and removed the unneeded stuff from giflib. It was mainly a 64bit fix which is in our packages fixed by another patch. Packages are submitted to /work/src/done/*/*.new

bad1.gif triggers a NULL dereference crash
CVE-2005-2974 libungif NULL pointer deref

bad2 and bad3 trigger out of bounds memory access crashes. bad2 may possibly allow for arbitrary code execution as it's an OOB write.
CVE-2005-3350 libungif OOB access

Maintenance-Tracker-2714

updates released

CVE-2005-3350: CVSS v2 Base Score: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)