GNOME Bugzilla – Bug 762029
pinpoint is affected by CVE-2013-7447
Last modified: 2018-08-17 19:57:31 UTC
As reported in: https://bugs.gentoo.org/show_bug.cgi?id=574372 https://bugs.gentoo.org/show_bug.cgi?id=574384 It is affected by CVE-2013-7447 (bug #703220). In 0.1.8 I see: $ grep -r "cairo_pixels" -- * pp-cairo.c: guchar *cairo_pixels; pp-cairo.c: cairo_pixels = g_malloc (height * cairo_stride); pp-cairo.c: surface = cairo_image_surface_create_for_data ((unsigned char *)cairo_pixels, pp-cairo.c: cairo_pixels, (cairo_destroy_func_t)g_free); pp-cairo.c: guchar *q = cairo_pixels; pp-cairo.c: cairo_pixels += cairo_stride;
Created attachment 357028 [details] [review] Avoid integer overflow This patch should fix the possible integer overflow.
pinpoint is not under active development anymore since 2015. Its codebase has been archived: https://gitlab.gnome.org/Archive/pinpoint/commits/master Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect reality. Please feel free to reopen this ticket (or rather transfer the project to GNOME Gitlab, as GNOME Bugzilla is deprecated) if anyone takes the responsibility for active development again.