[Bug 1318977] New: CVE-2016-3190 cairo: out of bounds read in fill_xrgb32_lerp_opaque_spans

[bugzilla]

https://bugzilla.redhat.com/show_bug.cgi?id=1318977

            Bug ID: 1318977
           Summary: CVE-2016-3190 cairo: out of bounds read in
                    fill_xrgb32_lerp_opaque_spans
           Product: Security Response
         Component: vulnerability
          Keywords: Security
          Severity: medium
          Priority: medium
          Assignee: security-response-t...@redhat.com
          Reporter: ane...@redhat.com
                CC: erik-fed...@vanpienbroek.nl,
                    fedora-mi...@lists.fedoraproject.org,
                    marcandre.lur...@redhat.com, o...@redhat.com,
                    rjo...@redhat.com, t.sai...@alumni.ethz.ch




A vulnerability was found in cairo. A maliciously crafted file can cause out of
bounds read in fill_xrgb32_lerp_opaque_spans function in cairo, thus crashing
the software.

Upstream fix:

https://cgit.freedesktop.org/cairo/patch/src/cairo-image-compositor.c?id=5c82d91a5e15d29b1489dcb413b24ee7fdf59934

References:

http://seclists.org/oss-sec/2016/q1/675

External references:

https://mail.gnome.org/archives/gnome-announce-list/2015-March/msg00047.html

-- 
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
mingw mailing list
mingw@lists.fedoraproject.org
http://lists.fedoraproject.org/admin/lists/mingw@lists.fedoraproject.org