File gd-CVE-2019-11038.patch of Package gd.21221
diff --git a/src/gd_xbm.c b/src/gd_xbm.c
index 4ca41acf..cf0545ef 100644
--- a/src/gd_xbm.c
+++ b/src/gd_xbm.c
@@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
 }
 h[3] = ch;
 }
- sscanf(h, "%x", &b);
+ if (sscanf(h, "%x", &b) != 1) {
+ gd_error("invalid XBM");
+ gdImageDestroy(im);
+ return 0;
+ }
 for (bit = 1; bit <= max_bit; bit = bit << 1) {
 gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
 if (x == im->sx) {
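Review bot: The added `sscanf(h, "%x", &b) != 1` check ensures `b` is assigned before the pixel loop reads it, but `%x` stops at the first non-hex character, so a token that begins with a hex digit and continues with garbage is still accepted as pixel data. If strict parsing is wanted, check each character with `isxdigit((unsigned char)h[i])` before converting. Either way, a comment above the check such as `/* sscanf leaves b unassigned on a matching failure; reject the image rather than plot an indeterminate value */` would record why the early exit exists. The function returns a pointer, so `return NULL;` would read more clearly than `return 0;`. The hunk does not show how `b` is declared (presumably `unsigned int`, to match `%x`) or where `h` is NUL-terminated, and the body of gdImageCreateFromXbm continues outside the hunk.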