author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-04-25 23:02:42 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-05-12 23:31:56 -0700 |
commit | c578408c1fd4db09e4e3173f8a9e65c81cc187c1 (patch) | |
tree | 1a999d99d2dc8ec3fc7dc415fec19848b98327a2 /Makefile.am | |
parent | 491291cabf78efdeec8f18b09e14726a9030cc8f (diff) |
CVE-2014-0211: integer overflow in fs_read_extent_info()

fs_read_extent_info() parses a reply from the font server.
The reply contains a 32bit number of elements field which is used
to calculate a buffer length. There is an integer overflow in this
calculation which can lead to memory corruption.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Diffstat (limited to 'Makefile.am')
0 files changed, 0 insertions, 0 deletions
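
The bug class named in the commit message, shown as an added illustration that is not libXfont's code and not the fix made in this commit: a 32-bit element count from a reply is multiplied into a buffer length, first unchecked and then with the count validated before use. `ELEM_SIZE`, the function names and the payload-consistency check are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed per-element size; the real record layout is not on the page. */
#define ELEM_SIZE 12u

/* Unchecked: the product is computed in 32 bits and silently wraps,
 * so a huge count can yield a tiny buffer length. */
uint32_t unchecked_len(uint32_t num_elements)
{
    return num_elements * ELEM_SIZE;
}

/* Checked: reject the count before multiplying.
 * payload_bytes is the number of bytes actually received after the
 * reply header (assumption: each element occupies ELEM_SIZE bytes).
 * Returns 0 and stores the length on success, -1 on a bad count. */
int checked_len(uint32_t num_elements, uint32_t payload_bytes,
                uint32_t *out_len)
{
    /* 1. The multiplication must not exceed the 32-bit range. */
    if (num_elements > UINT32_MAX / ELEM_SIZE)
        return -1;

    uint32_t need = num_elements * ELEM_SIZE;

    /* 2. The peer cannot claim more elements than it sent bytes for. */
    if (need > payload_bytes)
        return -1;

    *out_len = need;
    return 0;
}

int main(void)
{
    uint32_t hostile = 0x15555556u;   /* constructed count: 12 * n = 2^32 + 8 */
    uint32_t len = 0;

    printf("unchecked length for %u elements: %u bytes\n",
           (unsigned)hostile, (unsigned)unchecked_len(hostile));
    printf("checked, hostile count: %d\n", checked_len(hostile, 1024, &len));
    printf("checked, 4 elements:    %d (len=%u)\n",
           checked_len(4, 1024, &len), (unsigned)len);
    return 0;
}
```

With the unchecked form, code that later writes `num_elements` records into a buffer of the wrapped length runs past the end of the allocation, which is the memory corruption the message refers to.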