[Bug 1081631] New: VUL-0: leptonica: Unbound memory access
http://bugzilla.opensuse.org/show_bug.cgi?id=1081631 Bug ID: 1081631 Summary: VUL-0: leptonica: Unbound memory access Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other URL: https://smash.suse.de/issue/200341/ OS: Other Status: NEW Severity: Minor Priority: P5 - None Component: Security Assignee: lazy.kent@opensuse.org Reporter: kbabioch@suse.com QA Contact: qa-bugs@suse.de Depends on: 1081576 Found By: Security Response Team Blocker: --- prog/htmlviewer: Catch unbound memory access (CID 1386222) rootname can have any size, so limit the amount of copied bytes. References: https://github.com/DanBloomberg/leptonica/commit/c1079bb8e77cdd426759e466729... -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1081631 Karol Babioch <kbabioch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Alias| |CVE-2018-7247 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1081631 http://bugzilla.opensuse.org/show_bug.cgi?id=1081631#c1 --- Comment #1 from Karol Babioch <kbabioch@suse.com> --- This has been assigned: CVE-2018-7247 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1081631 Karol Babioch <kbabioch@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|VUL-0: leptonica: Unbound |VUL-0: CVE-2018-7247: |memory access |leptonica: Unbound memory | |access -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1081631 http://bugzilla.opensuse.org/show_bug.cgi?id=1081631#c4 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|IN_PROGRESS |RESOLVED CC| |lazy.kent@opensuse.org Depends on|1081576 | Resolution|--- |FIXED Assignee|lazy.kent@opensuse.org |security-team@suse.de --- Comment #4 from Andreas Stieger <astieger@suse.com> --- release for Leap -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1081631 Andreas Stieger <astieger@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Depends on| |1081576 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1081631 Bug 1081631 depends on bug 1081576, which changed state. Bug 1081576 Summary: VUL-1: CVE-2018-7186 leptonica: Stack-based buffer overflows in gplotRead() and ptaReadStream() when parsing crafted files can lead to denial of service http://bugzilla.opensuse.org/show_bug.cgi?id=1081576 What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com