Bug 963797 - (CVE-2014-9764) VUL-1: CVE-2014-9764: imlib2: segmentation fault when opening specifically crafted input
(CVE-2014-9764)
VUL-1: CVE-2014-9764: imlib2: segmentation fault when opening specifically cr...
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
unspecified
Other Other
: P4 - Low : Minor
: ---
Assigned To: Security Team bot
Security Team bot
https://smash.suse.de/issue/161230/
CVSSv2:SUSE:CVE-2014-9762:4.3:(AV:N/A...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-27 14:32 UTC by Johannes Segitz
Modified: 2020-03-18 18:15 UTC (History)
3 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Comment 1 Swamp Workflow Management 2016-01-28 23:01:57 UTC
bugbot adjusting priority
Comment 2 Simon Lees 2016-04-03 04:34:45 UTC
These issues CVE-2014-9763 CVE-2014-9764 CVE-2014-9762 are all related to handling with giflib they also effect efl/evas in openSUSE (All supported releases). Upstream also recommends updating to 5.1.4 of giflib. I'm happy to do the imlib2 / evas fixes. 

Original bug report: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369

giflib bug report: https://sourceforge.net/p/giflib/bugs/94/
giflib fix: https://sourceforge.net/p/giflib/code/ci/cb88511b50621233ae93858ba38f004726d1bc5d/

evas / efl upstream fix commits:
dd90b6afadf706aafec9e53a6b1efa8f899ab277
f56e33f429cfc165a5a7e7c75c5b2271ba8b58d8

Upstream Mailing list threads (don't ask why there are 4):
https://www.mail-archive.com/enlightenment-devel@lists.sourceforge.net/msg80456.html
https://www.mail-archive.com/enlightenment-devel@lists.sourceforge.net/msg80454.html
https://www.mail-archive.com/enlightenment-devel@lists.sourceforge.net/msg80444.html
Comment 3 Simon Lees 2016-04-03 22:38:53 UTC
My mistake, the issues I raised seem new, I'll create a new ticket but fix these at the same time.
Comment 6 Swamp Workflow Management 2016-05-18 12:12:39 UTC
openSUSE-SU-2016:1330-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 963796,963797,963800,973759,973761,974202,974854,975703
CVE References: CVE-2011-5326,CVE-2014-9762,CVE-2014-9763,CVE-2014-9764,CVE-2014-9771,CVE-2016-3993,CVE-2016-3994,CVE-2016-4024
Sources used:
openSUSE 13.2 (src):    imlib2-1.4.9-17.4.1
Comment 7 Swamp Workflow Management 2016-06-03 11:08:33 UTC
SUSE-SU-2016:1481-1: An update that solves 5 vulnerabilities and has one errata is now available.

Category: security (moderate)
Bug References: 963797,963800,973759,973761,974202,977538
CVE References: CVE-2011-5326,CVE-2014-9763,CVE-2014-9764,CVE-2016-3993,CVE-2016-3994
Sources used:
SUSE Linux Enterprise Software Development Kit 11-SP4 (src):    imlib2-1.4.2-2.20.1
SUSE Linux Enterprise Debuginfo 11-SP4 (src):    imlib2-1.4.2-2.20.1
Comment 8 Marcus Meissner 2017-06-15 21:29:40 UTC
released
Comment 9 Swamp Workflow Management 2018-03-27 23:40:30 UTC
This is an autogenerated message for OBS integration:
This bug (963797) was mentioned in
https://build.opensuse.org/request/show/591766 15.0 / efl