Bug 963634 - (CVE-2016-1933) VUL-0: CVE-2016-1933: MozillaFirefox: Out of Memory crash when parsing GIF format images
VUL-0: CVE-2016-1933: MozillaFirefox: Out of Memory crash when parsing GIF fo...
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
All openSUSE 42.1
: P3 - Medium : Normal
: ---
Assigned To: Security Team bot
Security Team bot
Depends on: 963520
  Show dependency treegraph
Reported: 2016-01-26 18:08 UTC by Andreas Stieger
Modified: 2020-04-05 18:20 UTC (History)
6 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2016-01-26 18:08:36 UTC

Security researcher Gustavo Grieco reported an out of memory crash when loading maliciously crafted GIF format images. Investigation of the issue determined that the root cause was an error in image parsing code during deinterlacing, leading to a potential integer overflow. 


openSUSE only.
Comment 1 Swamp Workflow Management 2016-01-26 23:00:27 UTC
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-01-27 10:40:39 UTC
openSUSE update is running
Comment 3 Andreas Stieger 2016-02-01 21:26:28 UTC
Releasing updates for openSUSE only bugs.
Comment 4 Swamp Workflow Management 2016-02-02 01:12:43 UTC
openSUSE-SU-2016:0309-1: An update that fixes 14 vulnerabilities is now available.

Category: security (important)
Bug References: 963633,963634,963635,963637,963641,963643,963644,963645,963731
CVE References: CVE-2015-7208,CVE-2016-1930,CVE-2016-1931,CVE-2016-1933,CVE-2016-1935,CVE-2016-1937,CVE-2016-1938,CVE-2016-1939,CVE-2016-1942,CVE-2016-1943,CVE-2016-1944,CVE-2016-1945,CVE-2016-1946,CVE-2016-1947
Sources used:
openSUSE Leap 42.1 (src):    MozillaFirefox-44.0-12.2, mozilla-nspr-4.11-7.1, mozilla-nss-3.21-9.1
openSUSE 13.2 (src):    MozillaFirefox-44.0-59.1, mozilla-nspr-4.11-12.1, mozilla-nss-3.21-25.1