[Bug 1215937] New: VUL-0: CVE-2023-43907: optipng: global buffer overflow via the 'buffer' variable at gifread.c
https://bugzilla.suse.com/show_bug.cgi?id=1215937

Bug ID: 1215937
Summary: VUL-0: CVE-2023-43907: optipng: global buffer overflow via the 'buffer' variable at gifread.c
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 15.6
Hardware: Other
URL: https://smash.suse.de/issue/380479/
OS: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Security
Assignee: pgajdos@suse.com
Reporter: smash_bz@suse.de
QA Contact: security-team@suse.de
CC: gabriele.sonnu@suse.com
Target Milestone: ---
Found By: Security Response Team
Blocker: ---

OptiPNG v0.7.7 was discovered to contain a global buffer overflow via the 'buffer' variable at gifread.c.

References:
https://github.com/Frank-Z7/z-vulnerabilitys/blob/main/optipng-global-buffer...
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-43907

--
You are receiving this mail because:
You are on the CC list for the bug.

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c1

--- Comment #1 from Gabriele Sonnu <gabriele.sonnu@suse.com> ---
Tracking as affected:

- openSUSE:Backports:SLE-15-SP4/optipng
- openSUSE:Backports:SLE-15-SP5/optipng
- openSUSE:Factory/optipng

https://bugzilla.suse.com/show_bug.cgi?id=1215937

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

What     |Removed    |Added
----------------------------------------------------------------------------
Priority |P5 - None  |P3 - Medium

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c2

--- Comment #2 from Petr Gajdos <pgajdos@suse.com> ---
https://sourceforge.net/p/optipng/bugs/87/

no reaction from upstream so far

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c3

--- Comment #3 from Petr Gajdos <pgajdos@suse.com> ---
I cannot reproduce the bug with asan:

:/215937 # ldd /usr/bin/optipng | grep asan
        libasan.so.8 => /lib64/libasan.so.8 (0x00007f432c800000)
:/215937 # optipng -o4 POCoptipng -zm 3 -zc 1 -zw 256 -snip -out optipngtest.png
** Processing: POCoptipng
Warning: Bogus data in GIF file
Error: Unexpected end of GIF file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.
:/215937 #

nor valgrind:

$ valgrind -q optipng -o4 POCoptipng -zm 3 -zc 1 -zw 256 -snip -out optipngtest.png
** Processing: POCoptipng
Warning: Bogus data in GIF file
Error: Unexpected end of GIF file

** Status report
1 file(s) have been processed.
1 error(s) have been encountered.
$

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c4

Petr Gajdos <pgajdos@suse.com> changed:

What     |Removed           |Added
----------------------------------------------------------------------------
Assignee |pgajdos@suse.com  |security-team@suse.de

--- Comment #4 from Petr Gajdos <pgajdos@suse.com> ---
Submitted for: TW,b15sp6,b15sp5,b15sp4,b15sp3/optipng.

I believe all fixed.

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c6

--- Comment #6 from Marcus Meissner <meissner@suse.com> ---
The backport submissions are not really working with the factory version:

openSUSE_Backports_SLE-15-SP5_Update ppc64le
unresolvable: nothing provides libpng-devel >= 1.6.35
(got version 1.6.34 provided by libpng16-compat-devel)
(got version 1.2.57 provided by libpng12-compat-devel)

they need to be relaxed I guess.

https://bugzilla.suse.com/show_bug.cgi?id=1215937

Marcus Meissner <meissner@suse.com> changed:

What     |Removed                |Added
----------------------------------------------------------------------------
Assignee |security-team@suse.de  |pgajdos@suse.com

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c7

Petr Gajdos <pgajdos@suse.com> changed:

What  |Removed  |Added
----------------------------------------------------------------------------
Flags |         |needinfo?(meissner@suse.com)
CC    |         |meissner@suse.com

--- Comment #7 from Petr Gajdos <pgajdos@suse.com> ---
Ah, I apologize. I will look whether this requirement is hard or not.

Do we still have the possibility to release the patch instead of version update?

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c8

Marcus Meissner <meissner@suse.com> changed:

What  |Removed                       |Added
----------------------------------------------------------------------------
Flags |needinfo?(meissner@suse.com)  |

--- Comment #8 from Marcus Meissner <meissner@suse.com> ---
we can do a version update, but the strict version requires would need to be relaxed.

I think they just are there to ensure we have applied security fixes to these libraries, which we did.

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c9

Petr Gajdos <pgajdos@suse.com> changed:

What  |Removed  |Added
----------------------------------------------------------------------------
Flags |         |needinfo?(meissner@suse.com)

--- Comment #9 from Petr Gajdos <pgajdos@suse.com> ---
There are sr#1129768 and sr#1129766 for 15sp4 and 15sp5 backports respectively.

Not sure whether sr#1129764 should be done differently.

Do not know what to do with 15sp3 backports, it does not branch with mbranch anymore.

What do you think?

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c10

--- Comment #10 from Marcus Meissner <meissner@suse.com> ---
15 sp3 backports is EOL.

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c11

Petr Gajdos <pgajdos@suse.com> changed:

What  |Removed                       |Added
----------------------------------------------------------------------------
Flags |needinfo?(meissner@suse.com)  |

--- Comment #11 from Petr Gajdos <pgajdos@suse.com> ---
I thought so, just that my wrong request was accepted:

https://build.opensuse.org/request/show/1125571

but it does not seem to have any effect.

Thanks, if anything else, let me know.

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c12

--- Comment #12 from Petr Gajdos <pgajdos@suse.com> ---
New attempts: sr#1129775, sr#1129777, sr#1129778.

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c14

--- Comment #14 from Marcus Meissner <meissner@suse.com> ---
openSUSE-SU-2023:0383-1: An update that fixes one vulnerability is now available.

Category: security (important)
Bug References: 1215937
CVE References: CVE-2023-43907
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP5 (src): optipng-0.7.8-bp155.5.5.1

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c15

Petr Gajdos <pgajdos@suse.com> changed:

What     |Removed           |Added
----------------------------------------------------------------------------
Assignee |pgajdos@suse.com  |security-team@suse.de

--- Comment #15 from Petr Gajdos <pgajdos@suse.com> ---
Requests were accepted, I believe all fixed.

https://bugzilla.suse.com/show_bug.cgi?id=1215937#c16

--- Comment #16 from Marcus Meissner <meissner@suse.com> ---
openSUSE-SU-2023:0388-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1215937
CVE References: CVE-2023-43907
JIRA References:
Sources used:
openSUSE Backports SLE-15-SP4 (src): optipng-0.7.8-bp154.3.5.1

https://bugzilla.suse.com/show_bug.cgi?id=1215937

Maintenance Automation <maint-coord+maintenance-robot@suse.de> changed:

What   |Removed  |Added
----------------------------------------------------------------------------
Status |NEW      |IN_PROGRESS