http://bugzilla.opensuse.org/show_bug.cgi?id=1021517 Bug ID: 1021517 Summary: VUL-0: CVE-2016-8710: libbpg: Image Decoding Code Execution [TALOS-2016-0223] Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.2 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Security Assignee: security-team@suse.de Reporter: mikhail.kasimov@gmail.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Refs: ================================================================================= [1] http://blog.talosintel.com/2017/01/vulnerability-spotlight-libbpg-image.html (Vulnerability Spotlight - LibBPG Image Decoding Code Execution) [2] http://www.talosintelligence.com/reports/TALOS-2016-0223/ (Libbpg BGP image decoding Code Execution Vulnerability) ================================================================================= [1] Known vulnerable versions: Libbpg - 0.9.4 and 0.9.7 https://software.opensuse.org/package/libbpg -- TW, 42.1|2, 13.2: 0.9.7. BPG Specification: http://bellard.org/bpg/bpg_spec.txt [2] Technical details (Crash Information chapter) and patch info (Mitigation chapter). In particular, pay, please, attention here on phrase -- "The following patch will fix the vulnerability, but it is untested as to whether it breaks any legitimate images." -- You are receiving this mail because: You are on the CC list for the bug.