optipng: CVE-2015-7802: Buffer overflow in global memory

Related Vulnerabilities: CVE-2015-7802, CVE-2016-2191

Debian Bug report logs - #801700
optipng: CVE-2015-7802: Buffer overflow in global memory


Reported by: Salvatore Bonaccorso <carnil@debian.org>

Date: Tue, 13 Oct 2015 15:42:01 UTC

Severity: important

Tags: upstream

Found in version optipng/0.7.5-1

Fixed in version optipng/0.7.6-1

Done: Emmanuel Bouthenot <kolter@debian.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#801700; Package src:optipng. (Tue, 13 Oct 2015 15:42:05 GMT)


Acknowledgement sent to Salvatore Bonaccorso <carnil@debian.org>:
New Bug report received and forwarded. Copy sent to carnil@debian.org, team@security.debian.org, secure-testing-team@lists.alioth.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Tue, 13 Oct 2015 15:42:05 GMT)


Message #5 received at submit@bugs.debian.org:

From: Salvatore Bonaccorso <carnil@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: optipng: CVE-2015-7802: Buffer overflow in global memory
Date: Tue, 13 Oct 2015 17:39:02 +0200
Source: optipng
Version: 0.7.5-1
Severity: important
Tags: security upstream

Hi,

the following vulnerability was published for optipng.

CVE-2015-7802[0]:
Buffer overflow in global memory

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2015-7802
[1] https://bugzilla.redhat.com/show_bug.cgi?id=1265956
[2] https://marc.info/?l=oss-security&m=144300993420279&w=2

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore



Information forwarded to debian-bugs-dist@lists.debian.org, Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>:
Bug#801700; Package src:optipng. (Tue, 13 Oct 2015 22:03:03 GMT)


Acknowledgement sent to Ben Hutchings <ben@decadent.org.uk>:
Extra info received and forwarded to list. Copy sent to Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>. (Tue, 13 Oct 2015 22:03:03 GMT)


Message #10 received at 801700@bugs.debian.org:

From: Ben Hutchings <ben@decadent.org.uk>
To: 801700@bugs.debian.org
Subject: Re: optipng: CVE-2015-7802: Buffer overflow in global memory
Date: Tue, 13 Oct 2015 22:59:06 +0100
Control: tag -1 - security

On Tue, 13 Oct 2015 17:39:02 +0200 Salvatore Bonaccorso <carnil@debian.org> wrote:
> Source: optipng
> Version: 0.7.5-1
> Severity: important
> Tags: security upstream
> 
> Hi,
> 
> the following vulnerability was published for optipng.
> 
> CVE-2015-7802[0]:
> Buffer overflow in global memory
> 
> If you fix the vulnerability please also make sure to include the
> CVE (Common Vulnerabilities & Exposures) id in your changelog entry.
> 
> For further information see:
> 
> [0] https://security-tracker.debian.org/tracker/CVE-2015-7802
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1265956
> [2] https://marc.info/?l=oss-security&m=144300993420279&w=2

This isn't even a security flaw, it's just crap code.  LZWGetCode()
will *always* read the 2 bytes before the static buffer the first time
it's called with flag == 0.

Ben.

-- 
Ben Hutchings
Anthony's Law of Force: Don't force it, get a larger hammer.

Removed tag(s) security. Request was from Ben Hutchings <ben@decadent.org.uk> to 801700-submit@bugs.debian.org. (Tue, 13 Oct 2015 22:03:03 GMT)
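
A simplified model of the access pattern described in Ben Hutchings' message above, as an added example that is not optipng's code and not written by any participant in this bug log. The struct, the names, the buffer size, the canary bytes and the `fixed` initialisation are assumptions; the model records the lowest buffer index read by the carry-over step on the first flag == 0 call.

```c
#include <string.h>

#define BUF_LEN 280   /* assumed buffer size */
#define GUARD   2     /* canary bytes in front, so the under-read stays inside one array */

/* Hypothetical decoder state modelled on the report; not optipng's source. */
struct lzw_state {
    unsigned char arena[GUARD + BUF_LEN];
    int curbit, lastbit, last_byte;
    int min_index;    /* lowest buffer index the refill step has read */
};

/* Corresponds to the flag != 0 call. fixed=1 applies one possible fix (assumed). */
static void lzw_reset(struct lzw_state *s, int fixed)
{
    memset(s->arena, 0xAA, GUARD);
    memset(s->arena + GUARD, 0, BUF_LEN);
    s->curbit = s->lastbit = 0;
    s->last_byte = fixed ? 2 : 0;   /* 0 makes the first carry-over read buffer[-2] */
    s->min_index = 0;
}

/* flag == 0 path: refill when out of bits, then extract code_size bits. */
static int lzw_get_code(struct lzw_state *s, int code_size,
                        const unsigned char *block, int count)
{
    unsigned char *buffer = s->arena + GUARD;
    int i, j, code = 0;
    if (s->curbit + code_size >= s->lastbit) {
        int src = s->last_byte - 2;           /* last two bytes of previous block */
        if (count < 0 || count > BUF_LEN - 2) return -1;
        if (src < s->min_index) s->min_index = src;
        buffer[0] = buffer[src];
        buffer[1] = buffer[src + 1];
        memcpy(buffer + 2, block, (size_t)count);
        s->curbit = (s->curbit - s->lastbit) + 16;
        s->last_byte = 2 + count;
        s->lastbit = s->last_byte * 8;
    }
    for (i = s->curbit, j = 0; j < code_size; ++i, ++j)
        code |= ((buffer[i / 8] >> (i % 8)) & 1) << j;
    s->curbit += code_size;
    return code;
}

/* Lowest index read on the first flag == 0 call; *code gets the decoded value. */
static int first_call_min_index(int fixed, int *code)
{
    static const unsigned char block[] = { 0x34, 0x01, 0x00 };  /* constructed sample */
    struct lzw_state s;
    lzw_reset(&s, fixed);
    *code = lzw_get_code(&s, 9, block, (int)sizeof block);
    return s.min_index;
}
```

In this model the two carried-over bytes are skipped by the bit cursor, so both variants decode the same first code; only the index read differs.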


Reply sent to Emmanuel Bouthenot <kolter@debian.org>:
You have taken responsibility. (Fri, 08 Apr 2016 22:12:04 GMT)


Notification sent to Salvatore Bonaccorso <carnil@debian.org>:
Bug acknowledged by developer. (Fri, 08 Apr 2016 22:12:04 GMT)


Message #17 received at 801700-close@bugs.debian.org:

From: Emmanuel Bouthenot <kolter@debian.org>
To: 801700-close@bugs.debian.org
Subject: Bug#801700: fixed in optipng 0.7.6-1
Date: Fri, 08 Apr 2016 22:09:02 +0000
Source: optipng
Source-Version: 0.7.6-1

We believe that the bug you reported is fixed in the latest version of
optipng, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 801700@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Emmanuel Bouthenot <kolter@debian.org> (supplier of updated optipng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Fri, 08 Apr 2016 23:13:38 +0200
Source: optipng
Binary: optipng
Architecture: source amd64
Version: 0.7.6-1
Distribution: unstable
Urgency: medium
Maintainer: Debian PhotoTools Maintainers <pkg-phototools-devel@lists.alioth.debian.org>
Changed-By: Emmanuel Bouthenot <kolter@debian.org>
Description:
 optipng    - advanced PNG (Portable Network Graphics) optimizer
Closes: 801700 820068
Changes:
 optipng (0.7.6-1) unstable; urgency=medium
 .
   * New upstream release
     - fix CVE-2016-2191: Invalid write while processing delta escapes
       without any boundary checking (Closes: #820068)
     - fix CVE-2015-7802: Buffer overflow in global memory (Closes: #801700)
   * Enable hardening=+all build
   * Fix Vcs-(Git|Browser) fields to use secure URIs
   * Bump Standards-Version to 3.9.7
   * Add a patch to fix typo in manpage




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 12 May 2016 07:25:09 GMT)




Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 16:23:07 2019; Machine Name: beach
