[Pixman] CVE-2014-9766 assigned for integer overflow in pixman < 0.32.6

[Alan Coopersmith]

See attached emails for discussion from the oss-security mailing list.

The quoted patch was applied to the master branch of the pixman git repo as:

https://cgit.freedesktop.org/pixman/commit/?id=857e40f3d2bc2cfb714913e0cd7e6184cf69aca3

and to the pixman-0.32 branch as:

https://cgit.freedesktop.org/pixman/commit/?id=50d7b5fa8ea2ae119f35c20ab0dd0413d5103cbb

It is included in pixman 0.32.6 and later releases.

--
        -Alan Coopersmith-              alan.coopersm...@oracle.com
          X.Org Security Response Team - xorg-secur...@lists.x.org

--- Begin Message ---

 Hi,

There is an (old) integer overflow in create_bits in the pixman library.
Patch and details are available here:

https://web.archive.org/web/20141227044037/http://lists.freedesktop.org/archives/pixman/2014-April/003244.html

Please, assign a CVE to this issue.

Regards,
Gustavo.

--- End Message ---

--- Begin Message ---

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> There is an (old) integer overflow in create_bits in the pixman library.

> https://web.archive.org/web/20141227044037/http://lists.freedesktop.org/archives/pixman/2014-April/003244.html
> https://bugzilla.redhat.com/show_bug.cgi?id=972647

Use CVE-2014-9766.


003244.html has this linked discussion, which is not part of the
definition of the CVE-2014-9766 ID:

  https://bugs.freedesktop.org/show_bug.cgi?id=69014
  https://lists.freedesktop.org/archives/pixman/2013-September/002915.html
  https://bugs.freedesktop.org/attachment.cgi?id=85448

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJWzdF9AAoJEL54rhJi8gl5BlIQALu4bdEqoZE/fTlEJSOXQj2s
4ZWZYb120yISoKjK3kHfGfDtJMi/JeEkXkMTkQjulreq/wYHBHnBeGBxJBw1laae
7JtS8ULmmR8+WBd/X1ZTmfZ4VhwYcJn0utXaN7su0QK6a3YfG7DasL1Paywf1z6E
eDMXRJgDE2ml3sHTyodAFvfHbYcpMK7EQao7HJA7o49Vr0NcNJVmW+pYqu0Hq0N+
j+WilQ4eYiw1I6GgXxiQQlOKFKdnKmflOJXEJp8qMr8iokP9OX5ewN7d/007uZNA
3gCzt7tpsBACzjx/01exaUdKOFDxHB+l1vglHiC2aFlLN46U637DiJpL0OMN+soF
AYV0vRGIfxKZOSpSk4398gbX10kv2ew9uOG9UbzkRqneZmdXWqZXPMJ2eH/H2doV
hdNpt7B+6mgKQpYZZI3OrMilj5ZXfGNc4R2RSt0ViTfabn6D5gYynTrE+Jh37mgZ
phfBvReUZIP108iAgdxOOi2pLRuUYU4ayeDmQkhNQPaokoAyxkOdy7eorJC8yRD5
HJ/sL6zKuLJkfaBrsr5zbOe3DD2VqtFQ/mGp0kgAjcKpgdvFyR5IG3n0JiBS+p8c
Q/CC7tb/gFLJYR9fReUmeJJ4xIY6dzUaXRaxocWuSts8sOgwwyUEiIdDdEK3vxu2
Gew7VEXZN1T9nBktQhgY
=IpY0
-----END PGP SIGNATURE-----

--- End Message ---

_______________________________________________
Pixman mailing list
Pixman@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/pixman