Debian Bug report logs - #337972
libungif4g: buffer overflows and NULL dereference

version graph

Package: libungif4g; Maintainer for libungif4g is (unknown);

Reported by: Martin Pitt <martin.pitt@canonical.com>

Date: Mon, 7 Nov 2005 17:03:02 UTC

Severity: grave

Tags: patch, security

Found in version libungif4g/4.1.3-2

Fixed in version libungif4/4.1.3-4

Done: Michael Fedrowitz <michaelf@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Michael Fedrowitz <michaelf@debian.org>:
Bug#337972; Package libungif4g. Full text and rfc822 format available.

Acknowledgement sent to Martin Pitt <martin.pitt@canonical.com>:
New Bug report received and forwarded. Copy sent to Michael Fedrowitz <michaelf@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Martin Pitt <martin.pitt@canonical.com>
To: Debian BTS Submit <submit@bugs.debian.org>
Cc: security@debian.org
Subject: libungif4g: buffer overflows and NULL dereference
Date: Mon, 7 Nov 2005 11:51:50 -0500
[Message part 1 (text/plain, inline)]
Package: libungif4g
Version: 4.1.3-2
Severity: critical
Tags: security patch

Hi!

Chris Evans discovered several buffer overflows (CVE-2005-3350) and a
NULL dereference (CVE-2005-2974), which were fixed upstream in 4.1.4.

Here is the Ubuntu patch which only contains the security relevant
bits:

http://patches.ubuntu.com/patches/libungif4.CVE-2005-2974_3350.diff

Thanks,

Martin

-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org
[signature.asc (application/pgp-signature, inline)]

Information forwarded to debian-bugs-dist@lists.debian.org, Michael Fedrowitz <michaelf@debian.org>:
Bug#337972; Package libungif4g. Full text and rfc822 format available.

Acknowledgement sent to Martin Pitt <martin.pitt@ubuntu.com>:
Extra info received and forwarded to list. Copy sent to Michael Fedrowitz <michaelf@debian.org>. Full text and rfc822 format available.

Message #10 received at 337972@bugs.debian.org (full text, mbox):

From: Martin Pitt <martin.pitt@ubuntu.com>
To: 337972@bugs.debian.org
Subject: Test pictures
Date: Mon, 7 Nov 2005 12:12:02 -0500
[Message part 1 (text/plain, inline)]
Hi again!

I forgot to mention some demo pictures:

http://scary.beasts.org/misc/bad1.gif
http://scary.beasts.org/misc/bad2.gif
http://scary.beasts.org/misc/bad3.gif

They will mak e. g. gifinfo or feh crash without the patch.

Martin
-- 
Martin Pitt        http://www.piware.de
Ubuntu Developer   http://www.ubuntu.com
Debian Developer   http://www.debian.org
[signature.asc (application/pgp-signature, inline)]

Severity set to `grave'. Request was from Steve Langasek <vorlon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#337972; Package libungif4g. Full text and rfc822 format available.

Acknowledgement sent to Michael Fedrowitz <michaelf@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #17 received at 337972@bugs.debian.org (full text, mbox):

From: Michael Fedrowitz <michaelf@debian.org>
To: Martin Pitt <martin.pitt@canonical.com>, 337972@bugs.debian.org
Cc: security@debian.org
Subject: Re: Bug#337972: libungif4g: buffer overflows and NULL dereference
Date: Tue, 8 Nov 2005 08:27:10 +0100
On Mon, Nov 07, 2005 at 11:51:50AM -0500, Martin Pitt wrote:

 Hi,

> Chris Evans discovered several buffer overflows (CVE-2005-3350) and a
> NULL dereference (CVE-2005-2974), which were fixed upstream in 4.1.4.
> 
> Here is the Ubuntu patch which only contains the security relevant
> bits:

thanks. Unfortunately I don't have access to my key right now and won't
be able to upload before next weekend (late Friday night CET most
likely). If anyone wants to NMU before then, feel free.

-Michael



Reply sent to Michael Fedrowitz <michaelf@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Martin Pitt <martin.pitt@canonical.com>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #22 received at 337972-close@bugs.debian.org (full text, mbox):

From: Michael Fedrowitz <michaelf@debian.org>
To: 337972-close@bugs.debian.org
Subject: Bug#337972: fixed in libungif4 4.1.3-4
Date: Fri, 11 Nov 2005 14:32:09 -0800
Source: libungif4
Source-Version: 4.1.3-4

We believe that the bug you reported is fixed in the latest version of
libungif4, which is due to be installed in the Debian FTP archive:

libungif-bin_4.1.3-4_i386.deb
  to pool/main/libu/libungif4/libungif-bin_4.1.3-4_i386.deb
libungif4-dev_4.1.3-4_i386.deb
  to pool/main/libu/libungif4/libungif4-dev_4.1.3-4_i386.deb
libungif4_4.1.3-4.diff.gz
  to pool/main/libu/libungif4/libungif4_4.1.3-4.diff.gz
libungif4_4.1.3-4.dsc
  to pool/main/libu/libungif4/libungif4_4.1.3-4.dsc
libungif4g_4.1.3-4_i386.deb
  to pool/main/libu/libungif4/libungif4g_4.1.3-4_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 337972@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Michael Fedrowitz <michaelf@debian.org> (supplier of updated libungif4 package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri, 11 Nov 2005 23:07:09 +0100
Source: libungif4
Binary: libungif4-dev libungif4g libungif-bin
Architecture: source i386
Version: 4.1.3-4
Distribution: unstable
Urgency: low
Maintainer: Michael Fedrowitz <michaelf@debian.org>
Changed-By: Michael Fedrowitz <michaelf@debian.org>
Description: 
 libungif-bin - programs to convert GIF images
 libungif4-dev - shared library for GIF images (development files)
 libungif4g - shared library for GIF images (runtime lib)
Closes: 337972
Changes: 
 libungif4 (4.1.3-4) unstable; urgency=low
 .
   * Applied security patch from Ubuntu (thanks to Martin Pitt):
     * SECURITY UPDATE: Arbitrary code execution with crafted GIF files.
     * lib/dgif_lib.c:
       - Fix NULL dereference crash with crafted LZW termination blocks.
       - CVE-2005-2974
     * lib/dgif_lib.c, lib/egif_lib.c, lib/gifalloc.c:
       - Fix multiple buffer overflows with crafted GIF files, possibly
         exploitable:
       - CVE-2005-3350
     (closes: #337972)
Files: 
 415b19d64f48bb3edad0412aa3bef069 622 graphics optional libungif4_4.1.3-4.dsc
 b50ae9fe3259b890f5bfc324073f5680 136502 graphics optional libungif4_4.1.3-4.diff.gz
 0350ffa29949f033596eb3dda1969790 55744 libs optional libungif4g_4.1.3-4_i386.deb
 336385f55c184d44a6b5309ed1b228ee 39004 libdevel optional libungif4-dev_4.1.3-4_i386.deb
 6bfd070ebd300ade002069da8250db6f 187996 graphics optional libungif-bin_4.1.3-4_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDdRcivpyGjQRgTrgRAh1YAJ9coi5QMtDxelH8/P0Uz1xhSxYimACgkFZn
SCGJKkiEsqzi9nvG8iYqW5s=
=cq+k
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 12:00:02 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 19:18:37 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.