Wednesday, December 16, 2015

[FD] libnsbmp: heap overflow (CVE-2015-7508) and out-of-bounds read (CVE-2015-7507)

Overview
========

Libnsbmp[1] is a decoding library for BMP and ICO files. It is primarily developed and used as part of the NetSurf project.

As of version 0.1.2, libnsbmp is vulnerable to a heap overflow (CVE-2015-7508) and an out-of-bounds read (CVE-2015-7507).

CVE-2015-7508
=============

libnsbmp expects that the user-supplied `bmp_bitmap_cb_create' callback allocates enough memory to accommodate for `bmp->width * bmp->height * 4' bytes. However, due to the way `pixels_left' is calculated, the last row of run-length encoded data may expand beyond the end of `bmp->bitmap', resulting in a heap overflow.

src/libnsbmp.c #951..1097:
,-
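A defensive take on the overflow described above, as an added example (not libnsbmp's code and not part of the advisory): a simplified RLE8 expander that rejects any run that would cross the end of a row or land past the last row of a `width * height * 4' byte buffer. The function name, the top-down row order and the grey pixel mapping are assumptions; delta and absolute modes are left out.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical, simplified RLE8 expander (illustration only, not libnsbmp).
 * dst must hold width * height 32-bit pixels, i.e. width * height * 4 bytes,
 * the size the advisory says the bitmap-create callback is expected to allocate.
 * Returns the number of pixels written, or -1 on malformed or overlong input. */
long rle8_expand(const uint8_t *src, size_t src_len,
                 uint32_t *dst, size_t width, size_t height)
{
    size_t x = 0, y = 0, i = 0;
    long written = 0;

    /* width * height * 4 must not wrap, or the allocation itself is too small */
    if (width == 0 || height == 0 || width > SIZE_MAX / 4 / height)
        return -1;

    while (i + 1 < src_len) {
        uint8_t count = src[i], value = src[i + 1];
        i += 2;

        if (count == 0) {                 /* escape codes */
            if (value == 0) {             /* end of line */
                x = 0;
                y++;
                continue;
            }
            if (value == 1)               /* end of bitmap */
                return written;
            return -1;                    /* delta/absolute: omitted here */
        }

        /* Check the run against what is actually left, before writing. */
        if (y >= height)                  /* row outside the bitmap */
            return -1;
        if (count > width - x)            /* run crosses the row end */
            return -1;

        for (uint8_t n = 0; n < count; n++)
            dst[y * width + x++] = 0xFF000000u | value;  /* index as grey pixel */
        written += count;
    }
    return written;
}
```

Rejecting an overlong run is a policy choice made for this example; a decoder that prefers to tolerate such files would clamp the run to the remaining row instead.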