Overview

File clamav-CVE-2019-12900.patch of Package clamav.13406

--- libclamav/nsis/bzlib.c.orig
+++ libclamav/nsis/bzlib.c
@@ -618,7 +618,7 @@ static Int32 BZ2_decompress ( DState* s
       GET_BITS(BZ_X_SELECTOR_1, nGroups, 3);
       if (nGroups < 2 || nGroups > 6) RETURN(BZ_DATA_ERROR);
       GET_BITS(BZ_X_SELECTOR_2, nSelectors, 15);
-      if (nSelectors < 1) RETURN(BZ_DATA_ERROR);
+      if (nSelectors < 1 || nSelectors > BZ_MAX_SELECTORS) RETURN(BZ_DATA_ERROR);
       for (i = 0; i < nSelectors; i++) {
          j = 0;
          while (True) {
openSUSE Build Service is sponsored by
Places