References:
CISCO: http://tools.cisco.com/security/center/viewAlert.x?alertId=37889
MITRE: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0667
Timeline:
Feb 27 2015: Reported to Cisco PSIRT. Assigned to Incident Manager.
Mar 13 2015: Status check with Incident Manager.
[ Mar 18 2015: Cisco releases IntelliShield ID 37889 ] -- Not copied on this.
Apr 10 2015: Status check with Incident Manager
Apr 13 2015: Incident Manager supplies IntelliShield ID; Finding closed from my end.
Monday, April 13, 2015
Monday, March 23, 2015
mozjpeg findings update
Closed
20150323: mozjpeg: b6029d31 SIGFPE on specially crafted jpeg https://github.com/mozilla/mozjpeg/issues/153Saturday, March 14, 2015
libicns
Findings
010db139 -- SEGV #1 icns_read_be (size=2, inp=0x661000, outp=<synthetic pointer>) at icns_io.c:51
3454826d -- SEGV #1 icns_read_le (size=2, inp=<optimized out>, outp=<synthetic pointer>) at icns_io.c:101
Reported to maintainer Mathew Eis March 14, 2015, 9:43 p.m.
010db139 -- SEGV #1 icns_read_be (size=2, inp=0x661000, outp=<synthetic pointer>) at icns_io.c:51
3454826d -- SEGV #1 icns_read_le (size=2, inp=<optimized out>, outp=<synthetic pointer>) at icns_io.c:101
Reported to maintainer Mathew Eis March 14, 2015, 9:43 p.m.
Sunday, March 8, 2015
Fuzzing Update
freeXL:
Re: 9f74b0e8, c9be2aa7, d7273f72, 6889d18b
Closed with patch.
https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
html2text:
Re: 8afd955e [Crash, SEGV ] malloc in Area.C:223
Response received from vendor, wontfix.
exifprobe:
Re: 3a41cb1c, 6bb4db60
Closed with patch. 3a41cb1c resolved in this patch. 6bb4db60 resolved in this patch.
Re: ab50ccf7
Closed in latest git checkout. Asking vendor for patch details.
fig2xsd:
Re: 485f75d6, bd644d4d
Closed with vendor release of 0.22
http://prdownloads.sourceforge.net/fig2sxd/fig2sxd_0.22.orig.tar.gz?download
gif2png:
Re: 0cd10b14
Vendor working on fix.
hp2xx:
Submitted new 0ad69d36, 24dfd181, 27eac1b7, 2b9f1f19, 3503093d, 3a5b6ff4, 3b2a6ca6, 40dd99c6, 42e898d9, 4fa145b4, 5570ae2a, 57dc6ada, 7c503fc7, 7d580ece, 87aebb39, 8d2e9b05, 9071d6d8, 91fe0b08, 92cee751, 99f38038, a921cb74, b1ee740e, b3445f4e, b6bd0cc0, b9eff3a0, bbb8391b, c3e9eae3, c7f0611a, cb3d04f9, d34f9134, d6ce68b4, dccd6129, ea388b76, f2315602, f7cede9e on 3/8/2015
giftrans:
Submitted new a4ac94f0 to Debian QA team on 3/8/2015, Debian bug ID 780079;
Re: 9f74b0e8, c9be2aa7, d7273f72, 6889d18b
Closed with patch.
https://www.gaia-gis.it/fossil/freexl/fdiff?v1=2e167b337481dda3&v2=61618ce51a9b0c15&sbs=1
html2text:
Re: 8afd955e [Crash, SEGV ] malloc in Area.C:223
Response received from vendor, wontfix.
exifprobe:
Re: 3a41cb1c, 6bb4db60
Closed with patch. 3a41cb1c resolved in this patch. 6bb4db60 resolved in this patch.
Re: ab50ccf7
Closed in latest git checkout. Asking vendor for patch details.
fig2xsd:
Re: 485f75d6, bd644d4d
Closed with vendor release of 0.22
http://prdownloads.sourceforge.net/fig2sxd/fig2sxd_0.22.orig.tar.gz?download
gif2png:
Re: 0cd10b14
Vendor working on fix.
hp2xx:
Submitted new 0ad69d36, 24dfd181, 27eac1b7, 2b9f1f19, 3503093d, 3a5b6ff4, 3b2a6ca6, 40dd99c6, 42e898d9, 4fa145b4, 5570ae2a, 57dc6ada, 7c503fc7, 7d580ece, 87aebb39, 8d2e9b05, 9071d6d8, 91fe0b08, 92cee751, 99f38038, a921cb74, b1ee740e, b3445f4e, b6bd0cc0, b9eff3a0, bbb8391b, c3e9eae3, c7f0611a, cb3d04f9, d34f9134, d6ce68b4, dccd6129, ea388b76, f2315602, f7cede9e on 3/8/2015
giftrans:
Submitted new a4ac94f0 to Debian QA team on 3/8/2015, Debian bug ID 780079;
Sunday, January 25, 2015
Fuzzing Update
ImageMagick:
Mutliple CPU DOS
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
GraphicsMagick:
Cineon stack smashing and Fits assertion errors 1/24
http://www.graphicsmagick.org/Changelog.html
Mozjpeg:
SIGFPE on jpeg
https://github.com/mozilla/mozjpeg/issues/153
Mutliple CPU DOS
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26929
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26931
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26932
http://www.imagemagick.org/discourse-server/viewtopic.php?f=3&t=26933
GraphicsMagick:
Cineon stack smashing and Fits assertion errors 1/24
http://www.graphicsmagick.org/Changelog.html
Mozjpeg:
SIGFPE on jpeg
https://github.com/mozilla/mozjpeg/issues/153
Subscribe to:
Posts (Atom)