First Last Prev Next    This bug is not in your last search results.
Bug 963634 - (CVE-2016-1933) VUL-0: CVE-2016-1933: MozillaFirefox: Out of Memory crash when parsing GIF format images
(CVE-2016-1933)
VUL-0: CVE-2016-1933: MozillaFirefox: Out of Memory crash when parsing GIF fo...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
All openSUSE 42.1
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
:
Depends on: 963520
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-26 18:08 UTC by Andreas Stieger
Modified: 2020-04-05 18:20 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-01-26 18:08:36 UTC 
https://www.mozilla.org/en-US/security/advisories/mfsa2016-02/

Security researcher Gustavo Grieco reported an out of memory crash when loading maliciously crafted GIF format images. Investigation of the issue determined that the root cause was an error in image parsing code during deinterlacing, leading to a potential integer overflow. 

https://bugzilla.mozilla.org/show_bug.cgi?id=1231761

openSUSE only.
Comment 1 Swamp Workflow Management 2016-01-26 23:00:27 UTC 
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-01-27 10:40:39 UTC 
openSUSE update is running
Comment 3 Andreas Stieger 2016-02-01 21:26:28 UTC 
Releasing updates for openSUSE only bugs.
Comment 4 Swamp Workflow Management 2016-02-02 01:12:43 UTC 
openSUSE-SU-2016:0309-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 963633,963634,963635,963637,963641,963643,963644,963645,963731
CVE References: CVE-2015-7208,CVE-2016-1930,CVE-2016-1931,CVE-2016-1933,CVE-2016-1935,CVE-2016-1937,CVE-2016-1938,CVE-2016-1939,CVE-2016-1942,CVE-2016-1943,CVE-2016-1944,CVE-2016-1945,CVE-2016-1946,CVE-2016-1947
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-44.0-12.2, mozilla-nspr-4.11-7.1, mozilla-nss-3.21-9.1
openSUSE 13.2 (src):    MozillaFirefox-44.0-59.1, mozilla-nspr-4.11-12.1, mozilla-nss-3.21-25.1
First Last Prev Next    This bug is not in your last search results.