File U_0006-test-Add-test-case-for-CVE-2023-43787-integer-overfl.patch of Package libXpm
From ec92147890b7985756d8917c25363777de4599fe Mon Sep 17 00:00:00 2001 From: Alan Coopersmith <alan.coopersmith@oracle.com> Date: Thu, 7 Sep 2023 16:55:25 -0700 Subject: [PATCH libXpm 6/7] test: Add test case for CVE-2023-43787 (integer overflow in XCreateImage) Provided by Yair Mizrahi of the JFrog Vulnerability Research team Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- test/pixmaps/README.md | 5 ++++ test/pixmaps/invalid/width-overflow.xpm | 31 +++++++++++++++++++++++++ 2 files changed, 36 insertions(+) create mode 100644 test/pixmaps/invalid/width-overflow.xpm Index: libXpm-3.5.12/test/pixmaps/README.md =================================================================== --- libXpm-3.5.12.orig/test/pixmaps/README.md +++ libXpm-3.5.12/test/pixmaps/README.md @@ -55,6 +55,11 @@ return XpmFileInvalid when parsed. - corrupt-colormap.xpm - This file was generated by the clang libfuzzer, and serves as a test for CVE-2023-43789 +- width-overflow.xpm - This file was provided by Yair Mizrahi of + the JFrog Vulnerability Research team as a test for CVE-2023-43787. + Its width causes an integer overflow when multiplied by a depth of 4 bytes + (32-bits) when using 32-bit ints. + no-mem ------ Index: libXpm-3.5.12/test/pixmaps/invalid/width-overflow.xpm =================================================================== --- /dev/null +++ libXpm-3.5.12/test/pixmaps/invalid/width-overflow.xpm 
@@ -0,0 +1,31 @@ +/* XPM */ +/* + * Copyright (c) 1993, 1995, Oracle and/or its affiliates. + * + * Permission is hereby granted, free of charge, to any person obtaining a + * copy of this software and associated documentation files (the "Software"), + * to deal in the Software without restriction, including without limitation + * the rights to use, copy, modify, merge, publish, distribute, sublicense, + * and/or sell copies of the Software, and to permit persons to whom the + * Software is furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice (including the next + * paragraph) shall be included in all copies or substantial portions of the + * Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL + * THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING + * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER + * DEALINGS IN THE SOFTWARE. + */ +static char * Dimple_pm[] = { +/* width height ncolors cpp [x_hot y_hot] */ +"536871019 1 2 1 1 1", +/* colors */ +" c #40a100", +". 
c #434241", +/* pixels */ +" ...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
.................................................................................................................................................................
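Review bot: In the test/pixmaps/README.md hunk, the new entry says only that the width overflows "when multiplied by a depth of 4 bytes (32-bits)" and never states the width or the limit it crosses, so a reader has to open the pixmap to see why it triggers the bug. Suggest recording the arithmetic: the values line gives a width of 536871019, and 536871019 × 4 = 2147484076, which is 429 above the signed 32-bit maximum of 2147483647. Stating that also guards against a later edit of the values line that drops the product back under the limit without anyone noticing. Minor: "32-bits" should read "32 bits".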
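Review bot: In test/pixmaps/invalid/width-overflow.xpm, the values line "536871019 1 2 1 1 1" declares one character per pixel, yet the single pixel row in a 31-line file is necessarily far shorter than 536871019 characters, so the file is invalid for two independent reasons. A parser without the overflow check could still reject it on short pixel data, and the test would pass without exercising the CVE-2023-43787 path. Suggest a comment in the file or in the README entry saying which check is expected to reject it, so a regression in the size check is not masked by the truncated-row failure.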