Bug ID 1021517
Summary VUL-0: CVE-2016-8710: libbpg: Image Decoding Code Execution [TALOS-2016-0223]
Classification openSUSE
Product openSUSE Distribution
Version Leap 42.2
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter mikhail.kasimov@gmail.com
QA Contact qa-bugs@suse.de
Found By ---
Blocker ---

Refs:
=================================================================================
[1] http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html
(Vulnerability Spotlight - LibBPG Image Decoding Code Execution)

[2] http://www.talosintelligence.com/reports/TALOS-2016-0223/ (Libbpg BPG image
decoding Code Execution Vulnerability)
=================================================================================

[1]  Known vulnerable versions:
Libbpg - 0.9.4 and 0.9.7 

https://software.opensuse.org/package/libbpg -- TW, 42.1|2, 13.2: 0.9.7.

BPG Specification: http://bellard.org/bpg/bpg_spec.txt

[2] Technical details (Crash Information chapter) and patch info (Mitigation
chapter). In particular, please pay attention to this phrase there: "The
following patch will fix the vulnerability, but it is untested as to whether it
breaks any legitimate images."

