Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
gdk-pixbuf.7709
gdk-pixbuf-cve-2017-6313-icns-integer-underflow...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File gdk-pixbuf-cve-2017-6313-icns-integer-underflow.patch of Package gdk-pixbuf.7709
From 210b16399a492d05efb209615a143920b24251f4 Mon Sep 17 00:00:00 2001 From: Bastien Nocera <hadess@hadess.net> Date: Tue, 5 Dec 2017 11:51:02 +0100 Subject: [PATCH] icns: Protect against too short blocklen (CVE-2017-6313) The blocklen needs to be at least header sized to be valid, otherwise we can underflow picture data or mask data lengths. https://bugzilla.gnome.org/show_bug.cgi?id=779016 --- gdk-pixbuf/io-icns.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/gdk-pixbuf/io-icns.c b/gdk-pixbuf/io-icns.c index a432e463f..41732b153 100644 --- a/gdk-pixbuf/io-icns.c +++ b/gdk-pixbuf/io-icns.c @@ -95,7 +95,8 @@ load_resources (unsigned size, IN gpointer data, gsize datalen, blocklen = GUINT32_FROM_BE (header->size); /* Check that blocklen isn't garbage */ - if (blocklen > icnslen - (current - bytes)) + if (blocklen > icnslen - (current - bytes) || + blocklen < sizeof (IcnsBlockHeader)) return FALSE; switch (size) -- 2.15.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor