author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2023-01-07 12:44:28 -0800 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2023-01-12 15:47:43 -0800 |
commit | f80fa6ae47ad4a5beacb287c0030c9913b046643 (patch) | |
tree | 341e78d779bc7971441cd969f2782603b77ed9c7 /configure.ac | |
parent | f7fbbb92f6d383b21dd1587c3703a5de37c625b5 (diff) | |
download | xorg-lib-libXpm-f80fa6ae47ad4a5beacb287c0030c9913b046643.tar.gz |
Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height

When reading XPM images from a file with libXpm 3.5.14 or older, if an
image has a width of 0 and a very large height, the ParsePixels() function
will loop over the entire height calling getc() and ungetc() repeatedly,
or in some circumstances, may loop seemingly forever, which may cause a
denial of service to the calling program when given a small crafted XPM
file to parse.

Closes: #2
Reported-by: Martin Ettl <ettl.martin78@googlemail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'configure.ac')
0 files changed, 0 insertions, 0 deletions
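
The header shape described in the commit message (width 0, very large height) can be rejected before any per-row loop runs. The following is an added example, not code from this commit or from libXpm; the function name, result codes and the `MAX_PIXELS` ceiling are assumptions made for the illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical result codes for this example (not libXpm's). */
enum { HDR_OK = 0, HDR_MALFORMED = -1, HDR_BAD_DIMENSIONS = -2 };

/* Assumed ceiling on the number of pixels a caller is willing to parse. */
#define MAX_PIXELS (64u * 1024u * 1024u)

/*
 * Validate the first four fields of an XPM values string,
 * "<width> <height> <ncolors> <chars_per_pixel>", before pixel parsing.
 * Trailing fields (hotspot, XPMEXT) are ignored here.
 */
int check_xpm_values(const char *values, unsigned *w, unsigned *h)
{
    unsigned long v[4];
    const char *p = values;

    for (int i = 0; i < 4; i++) {
        char *end;
        while (*p == ' ' || *p == '\t')
            p++;
        if (*p < '0' || *p > '9')          /* also rejects '-', '+' and a short line */
            return HDR_MALFORMED;
        errno = 0;
        v[i] = strtoul(p, &end, 10);
        if (errno == ERANGE || v[i] > UINT_MAX)
            return HDR_MALFORMED;
        p = end;
    }
    /* Zero width or height: a row loop would do height iterations of no useful work. */
    if (v[0] == 0 || v[1] == 0)
        return HDR_BAD_DIMENSIONS;
    /* Bound total work; dividing avoids overflowing width * height. */
    if (v[1] > MAX_PIXELS / v[0])
        return HDR_BAD_DIMENSIONS;
    *w = (unsigned)v[0];
    *h = (unsigned)v[1];
    return HDR_OK;
}

int main(void)
{
    unsigned w = 0, h = 0;
    /* Constructed sample input matching the shape in the commit message. */
    printf("%d\n", check_xpm_values("0 4294967295 1 1", &w, &h));
    return 0;
}
```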