Mailinglist Archive: opensuse-bugs (4292 mails)

[Bug 1037051] New: VUL-0: CVE-2017-8401: swftools: out-of-bound read of heap data issue can occur in function png_load()(lib/png.c:724)
  • From: bugzilla_noreply@xxxxxxxxxx
  • Date: Mon, 01 May 2017 21:50:45 +0000
  • Message-id: <bug-1037051-21960@http.bugzilla.opensuse.org/>
http://bugzilla.opensuse.org/show_bug.cgi?id=1037051


Bug ID: 1037051
Summary: VUL-0: CVE-2017-8401: swftools: out-of-bound read of heap data issue can occur in function png_load()(lib/png.c:724)
Classification: openSUSE
Product: openSUSE Distribution
Version: Leap 42.2
Hardware: Other
OS: Other
Status: NEW
Severity: Normal
Priority: P5 - None
Component: Security
Assignee: security-team@xxxxxxx
Reporter: mikhail.kasimov@xxxxxxxxx
QA Contact: qa-bugs@xxxxxxx
Found By: ---
Blocker: ---

Created attachment 723321
--> http://bugzilla.opensuse.org/attachment.cgi?id=723321&action=edit
CVE-2017-8401_PoC_and_analysis

Ref: https://nvd.nist.gov/vuln/detail/CVE-2017-8401
=============================================
Description

In SWFTools 0.9.2, an out-of-bounds read of heap data can occur in the function
png_load() in lib/png.c:724. This issue can be triggered by a malformed PNG
file that is mishandled by png2swf. Attackers could exploit this issue for DoS.

Source: MITRE Last Modified: 05/01/2017
=============================================

Hyperlink

[1] https://github.com/matthiaskramm/swftools/issues/14

[2] https://github.com/matthiaskramm/swftools/commit/392fb1f3cd9a5b167787c551615c651c3f5326f2


(open-)SUSE: https://software.opensuse.org/package/swftools

0.9.2 (TW, 42.{1,2}, official repo)

--
You are receiving this mail because:
You are on the CC list for the bug.