[Bug 213020] graphics/gd: Fix integer overflow in gdImageWebpCtx
bugzilla-noreply at freebsd.org
Tue Sep 27 13:27:18 UTC 2016
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=213020
Bug ID: 213020
Summary: graphics/gd: Fix integer overflow in gdImageWebpCtx
Product: Ports & Packages
Version: Latest
Hardware: Any
URL: https://github.com/libgd/libgd/issues/308
OS: Any
Status: New
Keywords: patch, security
Severity: Affects Some People
Priority: ---
Component: Individual Port(s)
Assignee: dinoex at FreeBSD.org
Reporter: vlad-fbsd at acheronmedia.com
CC: ale at FreeBSD.org, dinoex at FreeBSD.org, ports-secteam at FreeBSD.org, tz at freebsd.org
Attachment #175197 Flags: maintainer-approval?(dinoex at FreeBSD.org)
Flags: maintainer-feedback?(dinoex at FreeBSD.org), merge-quarterly?
Created attachment 175197
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=175197&action=edit
Fix integer overflow in gdImageWebpCtx
An integer overflow issue was found in function gdImageWebpCtx of file
gd_webp.c which could lead to heap buffer overflow.
* Upstream issue: https://github.com/libgd/libgd/issues/308
* Upstream commit: https://github.com/libgd/libgd/commit/40bec0f38f50e8510f5bb71a82f516d46facde03
* CVE request: http://seclists.org/oss-sec/2016/q3/626
Patch attached. Passes Poudriere build with 11.0-RELEASE amd64. Running build
tests for 10.3 and 9.3.
VuXML entry coming up.
CC ports-secteam and maintainers of php70-gd and php56-gd.