CVE-2014-0210: unvalidated length fields in fs_read_glyphs() - xorg/lib/libXfont - X font handling library for server & utilities (mirrored from https://gitlab.freedesktop.org/xorg/lib/libxfont)

diff options

author	Alan Coopersmith <alan.coopersmith@oracle.com>	2014-04-25 23:03:24 -0700
committer	Alan Coopersmith <alan.coopersmith@oracle.com>	2014-05-12 23:32:15 -0700
commit	520683652564c2a4e42328ae23eef9bb63271565 (patch)
tree	33d3d64a01403e47eddab17321e76b7cfaa794e7 /README
parent	a3f21421537620fc4e1f844a594a4bcd9f7e2bd8 (diff)

CVE-2014-0210: unvalidated length fields in fs_read_glyphs()

fs_read_glyphs() parses a reply from the font server. The reply contains embedded length fields, none of which are validated. This can cause out of bound reads when looping over the glyph bitmaps in the reply. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Adam Jackson <ajax@redhat.com> Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>

Diffstat (limited to 'README')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: