Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Evergreen:11.1
xorg-x11-libs
U_libXfont_LZW-decompress-fix-for-CVE-2011-2895...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File U_libXfont_LZW-decompress-fix-for-CVE-2011-2895.patch of Package xorg-x11-libs
From d11ee5886e9d9ec610051a206b135a4cdc1e09a0 Mon Sep 17 00:00:00 2001 From: Thomas Hoger <thoger@redhat.com> Date: Mon, 8 Aug 2011 18:03:09 +0200 Subject: [PATCH] LZW decompress: fix for CVE-2011-2895 Specially crafted LZW stream can crash an application using libXfont that is used to open untrusted font files. With X server, this may allow privilege escalation when exploited Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr> Signed-off-by: Matthieu Herrb <matthieu.herrb@laas.fr> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> --- src/fontfile/decompress.c | 2 ++ 1 files changed, 2 insertions(+), 0 deletions(-) diff --git a/src/fontfile/decompress.c b/src/fontfile/decompress.c index b1fc37b..c8171dd 100644 --- a/src/fontfile/decompress.c +++ b/src/fontfile/decompress.c @@ -259,6 +259,8 @@ BufCompressedFill (BufFilePtr f) */ while ( code >= 256 ) { + if (stackp - de_stack >= STACK_SIZE - 1) + return BUFFILEEOF; *stackp++ = file->tab_suffix[code]; code = file->tab_prefix[code]; } -- 1.7.4.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor