Bug 974879 (CVE-2016-3994) - VUL-0: CVE-2016-3994 imlib2: out of bound read in GIF loader
Summary: VUL-0: CVE-2016-3994 imlib2: out of bound read in GIF loader
Status: RESOLVED DUPLICATE of bug 973759
Alias: CVE-2016-3994
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Simon Lees
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/167248/
Whiteboard: CVSSv2:SUSE:CVE-2016-3994:6.4:(AV:N/A...
Keywords:
Depends on:
Blocks:
 
Reported: 2016-04-11 12:01 UTC by Johannes Segitz
Modified: 2020-06-18 02:31 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Johannes Segitz 2016-04-11 12:01:16 UTC 
rh#1323060

A vulnerability was found in a way imlib2 processes GIF files. A specially crafted file could cause the imlib2 to crash, or even expose some of the host memory.

Original bug report (reproducer attached):
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369

Upstream fix:
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1323060
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3994
http://seclists.org/oss-sec/2016/q2/46
Comment 1 Swamp Workflow Management 2016-04-11 22:01:11 UTC 
bugbot adjusting priority
Comment 2 Simon Lees 2016-04-28 00:01:14 UTC 
This is a duplicate of bsc#973759 added info there instead

*** This bug has been marked as a duplicate of bug 973759 ***