You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Use CVE-2016-10062 for the fwrite issue in ReadGROUP4Image. This was
specifically noted at the beginning of issues/196, but not fixed in
either of these commits. It is not the same as the fputc issue in
ReadGROUP4Image.
Best practices suggest that an application check the status of each and every system call and we're working on that over time. #196 was classified as a low priority because no reproducible exploit was provided. However, renewed interest in the issue pushes the priority higher. Consequently we intend to provide a patch within the next few days.
Three CVEs have been assigned for those issues. AFAICT, the one for the error handling of the fwrite's in ReadGROUP4Image would still be open?
Use CVE-2016-10060 for the issue fixed in 933e96f.
Use CVE-2016-10061 for the issue fixed in 4e914bb.
Use CVE-2016-10062 for the fwrite issue in ReadGROUP4Image. This was
specifically noted at the beginning of issues/196, but not fixed in
either of these commits. It is not the same as the fputc issue in
ReadGROUP4Image.
Origin: https://marc.info/?l=oss-security&m=148278818528413&w=2
The text was updated successfully, but these errors were encountered: