Pixman: Buffer overflow — GLSA 201612-37

A buffer overflow in Pixman might allow remote attackers to execute arbitrary code.

Affected Packages

x11-libs/pixman on all architectures
Affected versions < 0.32.8
Unaffected versions >= 0.32.8

Background

Pixman is a pixel manipulation library.

Description

In pixman-general, careless computations done with the ‘dest_buffer’ pointer may overflow, failing the buffer upper limit check.

Impact

A remote attacker could possibly cause a Denial of Service condition, or execute arbitrary code with the privileges of the process.

Workaround

There is no known workaround at this time.

Resolution

All Pixman users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=x11-libs/pixman-0.32.8"
 

References

Release Date
December 13, 2016

Latest Revision
December 13, 2016: 2

Severity
normal

Exploitable
remote

Bugzilla entries