[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#533361: got a CVE id

severity 533361 serious


this issue got a CVE id:

| Stack-based buffer overflow in the flattenIncrementally function in
| flatten.c in xcftools 1.0.4, as reachable from the (1) xcf2pnm and (2)
| xcf2png utilities, allows remote attackers to cause a denial of
| service (crash) and possibly execute arbitrary code via a crafted
| image that causes a consersion to a location "above or to the left of
| the canvas." NOTE: some of these details are obtained from third party
| information.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2175


Attachment: signature.asc
Description: OpenPGP digital signature

Reply to: