1094812 – (CVE-2018-11507) VUL-0: CVE-2018-11507: flif: Long loop in image_load_pnm in image/image-pnm.cpp.

Bug 1094812 (CVE-2018-11507) - VUL-0: CVE-2018-11507: flif: Long loop in image_load_pnm in image/image-pnm.cpp.

Summary: VUL-0: CVE-2018-11507: flif: Long loop in image_load_pnm in image/image-pnm.cpp.

Status:	RESOLVED WONTFIX

Alias:	CVE-2018-11507

Product:	openSUSE Distribution
Classification:	openSUSE
Component:	Security (show other bugs)
Version:	Leap 42.3
Hardware:	Other Other

Priority:	P5 - None Severity: Normal (vote)
Target Milestone:	---
Assignee:	Luigi Baldoni
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/206567/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2018-05-28 06:49 UTC by Johannes Segitz
Modified:	2018-05-28 07:36 UTC (History)
CC List:	0 users

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Reproducer (335 bytes, application/zip) 2018-05-28 06:49 UTC, Johannes Segitz	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Johannes Segitz 2018-05-28 06:49:22 UTC

Created attachment 771504 [details]
Reproducer

CVE-2018-11507

An issue was discovered in Free Lossless Image Format (FLIF) 0.3. An attacker
can trigger a long loop in image_load_pnm in image/image-pnm.cpp.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-11507
https://github.com/FLIF-hub/FLIF/issues/509

Comment 1 Luigi Baldoni 2018-05-28 07:36:50 UTC

Upstream won't act on these problems, cf. https://bugzilla.opensuse.org/show_bug.cgi?id=1092875 .

Issued a delete request until things change on their end.