Nixpkgs Security Tracker

Login with GitHub

Suggestion detail

Untriaged

Permalink CVE-2015-7508

created 1 month ago

Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in …

Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file.

References

http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Dec/73 x_refsource_MISC
http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2015/Dec/73 x_refsource_MISC x_transferred
http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded x_refsource_MISC
http://seclists.org/fulldisclosure/2015/Dec/73 x_refsource_MISC
http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded x_refsource_MISC x_transferred
http://seclists.org/fulldisclosure/2015/Dec/73 x_refsource_MISC x_transferred

Affected products

Libnsbmp

==0.1.2

Matching in nixpkgs

pkgs.libnsbmp

BMP Decoder for netsurf browser

nixos-unstable 0.1.7
- nixpkgs-unstable 0.1.7
- nixos-unstable-small 0.1.7
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.netsurf.libnsbmp

BMP Decoder for netsurf browser

Package maintainers

@fgaz Francesco Gazzetta <fgaz@fgaz.me>