GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun Dec 09, 2007 9:26 pm Post subject: [ GLSA 200712-04 ] Cairo: User-assisted execution of arbitra |
 |
|
Gentoo Linux Security Advisory
Title: Cairo: User-assisted execution of arbitrary code (GLSA 200712-04)
Severity: normal
Exploitable: remote
Date: December 09, 2007
Bug(s): #200350
ID: 200712-04
Synopsis
Multiple integer overflows were discovered in Cairo, possibly leading to
the execution of arbitrary code.
Background
Cairo is a 2D vector graphics library with cross-device output support.
Affected Packages
Package: x11-libs/cairo
Vulnerable: < 1.4.12
Unaffected: >= 1.4.12
Architectures: All supported architectures
Description
Multiple integer overflows were reported, one of which Peter Valchev
(Google Security) found to be leading to a heap-based buffer overflow
in the cairo_image_surface_create_from_png() function that processes
PNG images.
Impact
A remote attacker could entice a user to view or process a specially
crafted PNG image file in an application linked against Cairo, possibly
leading to the execution of arbitrary code with the privileges of the
user running the application.
Workaround
There is no known workaround at this time.
Resolution
All Cairo users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=x11-libs/cairo-1.4.12" |
References
CVE-2007-5503
Last edited by GLSA on Sat Jul 26, 2014 4:25 am; edited 4 times in total |
|
News & Announcements
