949959 – (CVE-2015-7802) VUL-1: CVE-2015-7802: optipng: Buffer overflow in global memory

Bug 949959 (CVE-2015-7802) - VUL-1: CVE-2015-7802: optipng: Buffer overflow in global memory

Summary: VUL-1: CVE-2015-7802: optipng: Buffer overflow in global memory

Status:	RESOLVED WONTFIX

Alias:	CVE-2015-7802

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other openSUSE 13.2

Priority:	P3 - Medium Severity: Minor
Target Milestone:	---
Assignee:	Petr Gajdos
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/157564/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2015-10-12 09:35 UTC by Andreas Stieger
Modified:	2015-10-15 09:48 UTC (History)
CC List:	3 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Reproducer image (1.11 KB, image/gif) 2015-10-12 09:35 UTC, Andreas Stieger	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Andreas Stieger 2015-10-12 09:35:32 UTC

Created attachment 651150 [details]
Reproducer image

http://seclists.org/oss-sec/2015/q3/632

    We found a buffer overflow in global memory affecting optipng 0.7.5 using a
    gif file.


    ==11221== ERROR: AddressSanitizer: global-buffer-overflow on address
    0x00000069541e at pc 0x46d24b bp 0x7fffffffaee0 sp 0x7fffffffaed8
    READ of size 1


Use CVE-2015-7802 for this buffer over-read issue.




References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-7802
http://seclists.org/oss-sec/2015/q4/56
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-7802

Comment 1 Swamp Workflow Management 2015-10-12 22:00:36 UTC

bugbot adjusting priority

Comment 3 Andreas Stieger 2015-10-15 09:48:30 UTC

Considered a bug, not security issue. No separate update required.