diff options
| author |   Andreas K. Hüttel <dilfridge@gentoo.org> | 2017-01-27 21:58:11 +0100 |
|---|---|---|
| committer | Andreas K. Hüttel <dilfridge@gentoo.org> | 2017-01-27 21:58:34 +0100 |
| commit | d0b5a9d997ee762c077790a87a48bc611d765d74 (patch) | |
| tree | b7e9bdaa2bf0372591daeefd572b244d3bcf4a75 /media-libs/lcms/files | |
| parent | net-misc/tigervnc: Bump to v1.7.1 (bug #606460) (diff) | |
| download | gentoo-d0b5a9d997ee762c077790a87a48bc611d765d74.tar.gz gentoo-d0b5a9d997ee762c077790a87a48bc611d765d74.tar.bz2 gentoo-d0b5a9d997ee762c077790a87a48bc611d765d74.zip | |
media-libs/lcms: Add patch for out-of-bounds read in Type_MLU_Read() (CVE-2016-10165), bug 591452
Package-Manager: Portage-2.3.3, Repoman-2.3.1
Diffstat (limited to 'media-libs/lcms/files')
| -rw-r--r-- | media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch b/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch new file mode 100644 index 000000000000..b380cf40d5a7 --- /dev/null +++ b/media-libs/lcms/files/lcms-2.8-CVE-2016-10165.patch @@ -0,0 +1,22 @@ +From 5ca71a7bc18b6897ab21d815d15e218e204581e2 Mon Sep 17 00:00:00 2001 +From: Marti <marti.maria@tktbrainpower.com> +Date: Mon, 15 Aug 2016 23:31:39 +0200 +Subject: [PATCH] Added an extra check to MLU bounds + +Thanks to Ibrahim el-sayed for spotting the bug +--- + src/cmstypes.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/cmstypes.c b/src/cmstypes.c +index cb61860..c7328b9 100644 +--- a/src/cmstypes.c ++++ b/src/cmstypes.c +@@ -1460,6 +1460,7 @@ void *Type_MLU_Read(struct _cms_typehandler_struct* self, cmsIOHANDLER* io, cmsU + + // Check for overflow + if (Offset < (SizeOfHeader + 8)) goto Error; ++ if ((Offset + Len) > SizeOfTag + 8) goto Error; + + // True begin of the string + BeginOfThisString = Offset - SizeOfHeader - 8; |