summaryrefslogtreecommitdiff
path: root/COPYING
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2014-04-25 23:02:42 -0700
committerAlan Coopersmith <alan.coopersmith@oracle.com>2014-05-12 23:31:56 -0700
commitc578408c1fd4db09e4e3173f8a9e65c81cc187c1 (patch)
tree1a999d99d2dc8ec3fc7dc415fec19848b98327a2 /COPYING
parent491291cabf78efdeec8f18b09e14726a9030cc8f (diff)
CVE-2014-0211: integer overflow in fs_read_extent_info()
fs_read_extent_info() parses a reply from the font server. The reply contains a 32bit number of elements field which is used to calculate a buffer length. There is an integer overflow in this calculation which can lead to memory corruption. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Diffstat (limited to 'COPYING')
0 files changed, 0 insertions, 0 deletions