https://bugzilla.redhat.com/show_bug.cgi?id=1037975
Huzaifa S. Sidhpurwala <huzai...@redhat.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Whiteboard|impact=moderate,public=2013 |impact=moderate,public=2013
                   |0716,reported=20131204,sour |0716,reported=20131204,sour
                   |ce=osssec,cvss2=5.0/AV:N/AC |ce=osssec,cvss2=5.0/AV:N/AC
                   |:L/Au:N/C:N/I:N/A:P,fedora- |:L/Au:N/C:N/I:N/A:P,fedora-
                   |all/pixman=new,fedora-all/m |all/pixman=affected,fedora-
                   |ingw-pixman=new,epel-5/ming |all/mingw-pixman=affected,e
                   |w32-pixman=new,rhel-5/pixma |pel-5/mingw32-pixman=affect
                   |n=affected,rhel-6/pixman=ne |ed,rhel-5/pixman=affected,r
                   |w,rhel-7/pixman=new         |hel-6/pixman=affected,rhel-
                   |                            |7/pixman=affected
              Flags|                            |needinfo?(a...@redhat.com)

--- Comment #4 from Huzaifa S. Sidhpurwala <huzai...@redhat.com> ---
Adam,

If you look at the valgrind output from the above reproducer, there is an
invalid read and an invalid write on the heap, which really seems to be user
controllable. Looking at the code, the issue is in pixman/pixman-edge.c:

210         WRITE (image, ap + lxi,
211                clip255 (READ (image, ap + lxi) + rxs - lxs));

This leads me to conclude that there could be a possibility of arbitrary
user-controlled code execution (which means I need to raise the impact to
important, etc.).

Was wondering if you could take a look and let me know if you think otherwise?

_______________________________________________
mingw mailing list
mingw@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/mingw