tags 778261 - moreinfo forwarded 778261 https://bugzilla.gnome.org/show_bug.cgi?id=749674 thanks
A short summary about what happened so far: I asked for additional information by sending an e-mail to Red Hat's bug tracker. https://bugzilla.redhat.com/show_bug.cgi?id=852481 I was contacted by Stefan Cornelius from the Red Hat security team and he sent me a reproducer for this vulnerability. This one is not intended for public use, so interested parties who would like to fix this issue should contact [email protected] and ask for it there. I have reported this issue upstream. https://bugzilla.gnome.org/show_bug.cgi?id=749674 Red Hat has already closed this bug report again and marked it as "wontfix". This means they "deem the overall real world risks to be very low and have no immediate plans to fix the issue." I think it is quite unlikely that someone is able to exploit this vulnerability remotely. It might be possible to send someone a specially crafted .byzanz file and possibly execute arbitrary code. The producer which I have received causes a segmentation fault. However .byzanz files are only used for debugging purposes and more targeted at developers or benchmarks. A user also has to convert the .byzanz file to a gif file with byzanz playback like this byzanz-playback test.byzanz test.gif I haven't heard anything from upstream so far. I consider the overall risk being low but this is still a bug that should be fixed. If someone can come up with a patch, please let me know. Markus
signature.asc
Description: OpenPGP digital signature

