Suggestions search

Untriaged

Filter by:

With package: libnsbmp

Found 2 matching suggestions

View:

Compact

Detailed

Permalink CVE-2015-7508

created 2 months ago Activity log

Created suggestion 2 months ago

Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in …

Heap-based buffer overflow in the bmp_decode_rle function in libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via the last row of RLE data in a crafted BMP file.

References

http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded x_transferredx_refsource_MISC
http://seclists.org/fulldisclosure/2015/Dec/73 x_transferredx_refsource_MISC

Affected products

Libnsbmp

==0.1.2

Matching in nixpkgs

pkgs.libnsbmp

BMP Decoder for netsurf browser

nixos-unstable 0.1.7
- nixpkgs-unstable 0.1.7
- nixos-unstable-small 0.1.7
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.netsurf.libnsbmp

BMP Decoder for netsurf browser

Package maintainers

@fgaz Francesco Gazzetta <fgaz@fgaz.me>

Permalink CVE-2015-7507

created 2 months ago Activity log

Created suggestion 2 months ago

libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a …

libnsbmp.c in Libnsbmp 0.1.2 allows context-dependent attackers to cause a denial of service (out-of-bounds read) via a crafted color table to the (1) bmp_decode_rgb or (2) bmp_decode_rle function.

References

http://www.securityfocus.com/archive/1/archive/1/537132/100/0/threaded x_transferredx_refsource_MISC
http://seclists.org/fulldisclosure/2015/Dec/73 x_transferredx_refsource_MISC

Affected products

Libnsbmp

==0.1.2

Matching in nixpkgs

pkgs.libnsbmp

BMP Decoder for netsurf browser

nixos-unstable 0.1.7
- nixpkgs-unstable 0.1.7
- nixos-unstable-small 0.1.7
nixos-25.11 0.1.7
- nixos-25.11-small 0.1.7
- nixpkgs-25.11-darwin 0.1.7

pkgs.netsurf.libnsbmp

BMP Decoder for netsurf browser

Package maintainers

@fgaz Francesco Gazzetta <fgaz@fgaz.me>