Nixpkgs security tracker

Login with GitHub

⚠️ You are using a production deployment that is still only suitable for demo purposes. Any work done in this might be wiped later without notice.

Suggestion detail

Untriaged

Permalink CVE-2015-7508

created 2 months ago Activity log

Created suggestion 2 months ago

Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in …

Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file.

References

http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded x_transferredx_refsource_MISC
http://seclists.org/fulldisclosure/2015/Dec/73 x_transferredx_refsource_MISC

Affected products

Libnsbmp

==0.1.2

Matching in nixpkgs

pkgs.libnsbmp

BMP Decoder for netsurf browser

nixos-unstable 0.1.7
- nixpkgs-unstable 0.1.7
- nixos-unstable-small 0.1.7
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.netsurf.libnsbmp

BMP Decoder for netsurf browser

Package maintainers

@fgaz Francesco Gazzetta <fgaz@fgaz.me>