Source: gdk-pixbuf
Version: 2.31.1-1
Severity: important
Tags: security upstream
Forwarded: https://bugzilla.gnome.org/show_bug.cgi?id=769170

From upstream bug report, and since there is no CVE assigned, for better trackability:

> There's a crash when loading specially crafted ico files.
>
> See http://seclists.org/oss-sec/2016/q3/61
>
> I have reproduced this with 2.30.7, 2.31.1 and 2.35.2. It doesn't
> happen with 2.26.1. It's easily reproducible with tests/pixbuf-read.
>
> Here's the backtrace for 2.35.2:
>
> Program received signal SIGSEGV, Segmentation fault.
> 0x00007ffff54ea414 in OneLine32 (context=0x611f50) at io-ico.c:596
> 596 Pixels[X * 4 + 0] = context->LineBuf[X * 4 + 2];
> (gdb) bt
> #0 0x00007ffff54ea414 in gdk_pixbuf__ico_image_load_increment
> (context=0x611f50) at io-ico.c:596
> #1 0x00007ffff54ea414 in gdk_pixbuf__ico_image_load_increment
> (context=0x611f50) at io-ico.c:807
> #2 0x00007ffff54ea414 in gdk_pixbuf__ico_image_load_increment
> (data=0x611f50, buf=0x60fc52 "", size=0, error=0x7fffffffe438) at io-ico.c:898
> #3 0x00007ffff7bc4695 in gdk_pixbuf_loader_load_module
> (loader=loader@entry=0x60f400 [GdkPixbufLoader],
> image_type=image_type@entry=0x0, error=error@entry=0x7fffffffe438) at
> gdk-pixbuf-loader.c:443
> #4 0x00007ffff7bc4f20 in gdk_pixbuf_loader_close
> (loader=loader@entry=0x60f400 [GdkPixbufLoader],
> error=error@entry=0x7fffffffe488)
> at gdk-pixbuf-loader.c:808
> #5 0x0000000000400ac6 in main (err=0x7fffffffe488, len=70, bytes=0x60cdf0
> "") at pixbuf-read.c:35
> #6 0x0000000000400ac6 in main (argc=<optimized out>, argv=<optimized out>)
> at pixbuf-read.c:75

Regards,
Salvatore

