Hi Markus,

On Thu, Feb 25, 2021 at 09:11:47AM +0100, Markus Koschany wrote:
> Hello security team, hello Hugo, I hope you are doing well!
>
> I have just uploaded a NMU for xcftools fixing CVE-2019-5086 and
> CVE-2019-5087.
> The new patch also addresses the 32 bit portability issues. The basic idea
> behind it is to limit possible values of width and height (which can only be
> positive) and the offset (which can be positive and negative) to one quarter
> of INT_MAX/INT_MIN. This works for reasonably large images but will of course
> fail for some extreme corner cases now. Since the computeDimensions function
> is responsible for determining these values, you can find the guards there. I
> have attached the POC from Anton Gladky (a manipulated xcf file) which
> simulates extremely large values for height and width. To reproduce the guard
> is working:
>
> xcfinfo small_manipulated.xcf
> xcf2png -o test.png small_manipulated.xcf -C
>
> I propose to use this patch also for Buster either for a point update or
> security release. Feedback always welcome.

Thanks for taking care of it, we think at this point an update in stable
is enough via an upcoming point release, so I would like to route you
there.

Regards,
Salvatore
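
The quarter-range guard described in the quoted mail, sketched as an added example; it is not the code from the xcftools patch. The struct, the function names and the rejection of zero-sized dimensions are assumptions made for illustration, and the sample values are constructed.

```c
#include <limits.h>
#include <stdio.h>

/* Hypothetical stand-in for layer geometry; not xcftools' own struct. */
struct dims {
    int x, y;          /* offset, may be negative */
    int width, height; /* must be positive */
};

#define DIM_MAX (INT_MAX / 4) /* one quarter of the int range, per the mail */
#define DIM_MIN (INT_MIN / 4)

/* Return 1 if every field is inside the quarter-range bounds, else 0.
 * Assumption: zero width/height is rejected along with negatives. */
static int dims_in_bounds(const struct dims *d)
{
    if (d->width <= 0 || d->width > DIM_MAX) return 0;
    if (d->height <= 0 || d->height > DIM_MAX) return 0;
    if (d->x < DIM_MIN || d->x > DIM_MAX) return 0;
    if (d->y < DIM_MIN || d->y > DIM_MAX) return 0;
    return 1;
}

/* Compute right/bottom edges only after the guard has passed. Both operands
 * lie within a quarter of the int range, so each sum stays within half of it
 * and the signed addition cannot overflow, on 32-bit targets included. */
static int compute_edges(const struct dims *d, int *right, int *bottom)
{
    if (!dims_in_bounds(d))
        return -1;
    *right = d->x + d->width;
    *bottom = d->y + d->height;
    return 0;
}

int main(void)
{
    /* Constructed sample values, not taken from the PoC file. */
    struct dims samples[] = {
        { -10, 20, 640, 480 },          /* ordinary layer: accepted */
        { 0, 0, INT_MAX, INT_MAX },     /* extreme size: rejected */
        { INT_MAX / 4 + 1, 0, 16, 16 }, /* offset just past the bound */
    };
    for (size_t i = 0; i < 3; i++) {
        int r = 0, b = 0;
        int rc = compute_edges(&samples[i], &r, &b);
        printf("sample %zu: rc=%d right=%d bottom=%d\n", i, rc, r, b);
    }
    return 0;
}
```

The bound covers additions of an offset and a dimension; a `width * height` product in this sketch would still need a wider type.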