author Alan Coopersmith <> 2014-04-25 23:02:42 -0700
committer Alan Coopersmith <> 2014-05-12 23:31:56 -0700
commit c578408c1fd4db09e4e3173f8a9e65c81cc187c1
tree 1a999d99d2dc8ec3fc7dc415fec19848b98327a2 /COPYING
parent 491291cabf78efdeec8f18b09e14726a9030cc8f
CVE-2014-0211: integer overflow in fs_read_extent_info()
fs_read_extent_info() parses a reply from the font server. The reply contains a 32bit number of elements field which is used to calculate a buffer length. There is an integer overflow in this calculation which can lead to memory corruption.

Reported-by: Ilja Van Sprundel <>
Signed-off-by: Alan Coopersmith <>
Reviewed-by: Adam Jackson <>
Reviewed-by: Matthieu Herrb <>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions
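The diff shown here is limited to COPYING, so the fix itself is not on this page. The following is an added illustration, not the project's code, of the bug class the commit message describes: a 32-bit element count from a reply multiplied into a buffer length, first unchecked, then with a bound applied before the multiplication. The names, the 24-byte element size and the reply layout (count as the first field, host byte order) are assumptions.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define ELEM_SIZE 24u   /* assumed in-memory size of one element record */

/* Read the 32-bit element count from a reply (assumed layout: the count
 * is the first field, in host byte order). */
static uint32_t reply_count(const unsigned char *reply)
{
    uint32_t n;
    memcpy(&n, reply, sizeof n);
    return n;
}

/* Unchecked form: the product is computed in 32 bits and wraps silently,
 * so a huge count can yield a tiny buffer length. */
uint32_t unchecked_len(const unsigned char *reply)
{
    return reply_count(reply) * ELEM_SIZE;
}

/* Checked form: reject any count whose product would exceed INT_MAX
 * before multiplying. Returns NULL on rejection or allocation failure;
 * *len_out is written only on success. */
void *checked_alloc(const unsigned char *reply, size_t *len_out)
{
    uint32_t n = reply_count(reply);

    if (n == 0 || n > INT_MAX / ELEM_SIZE)
        return NULL;
    *len_out = (size_t)n * ELEM_SIZE;
    return calloc(n, ELEM_SIZE);
}

int main(void)
{
    uint32_t count = 0x0AAAAAABu;   /* constructed sample count */
    unsigned char reply[4];
    size_t len = 0;

    memcpy(reply, &count, sizeof count);
    printf("count=%u unchecked length=%u bytes\n",
           (unsigned)count, (unsigned)unchecked_len(reply));
    printf("checked: %s\n", checked_alloc(reply, &len) ? "accepted" : "rejected");
    return 0;
}
```

With the constructed count, the unchecked length comes out far smaller than the number of elements a parsing loop would go on to store, which is how the overflow turns into memory corruption.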