GNOME Bugzilla – Bug 749674
CVE-2015-2785: byzanz: Out-of heap-based buffer write in GIF encoder
Last modified: 2018-07-01 08:25:11 UTC
A security vulnerability was discovered in byzanz' GIF encoder. This is CVE-2015-2785.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2785

The GIF encoder in Byzanz allows remote attackers to cause a denial of service (out-of-bounds heap write and crash) or possibly execute arbitrary code via a crafted Byzanz debug data recording (ByzanzRecording file) to the byzanz-playback command.

This bug was initially reported to Red Hat's bug tracker:
https://bugzilla.redhat.com/show_bug.cgi?id=852481

You can also find another bug report for Debian at
https://bugs.debian.org/778261

A test case / reproducer exists for this vulnerability. Interested parties and developers should contact Red Hat's security team via e-mail and ask for it.
secalert@redhat.com
Byzanz is not under active development anymore and has not seen code changes for more than five years. Its codebase has been archived: https://gitlab.gnome.org/Archive/byzanz/commits/master Closing this report as WONTFIX as part of Bugzilla Housekeeping to reflect reality. Please feel free to reopen this ticket (or rather transfer the project to GNOME Gitlab, as GNOME Bugzilla is deprecated) if anyone takes the responsibility for active development again.