author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-04-25 23:03:24 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2014-05-12 23:32:15 -0700 |
commit | 520683652564c2a4e42328ae23eef9bb63271565 (patch) | |
tree | 33d3d64a01403e47eddab17321e76b7cfaa794e7 /include/X11 | |
parent | a3f21421537620fc4e1f844a594a4bcd9f7e2bd8 (diff) |
CVE-2014-0210: unvalidated length fields in fs_read_glyphs()

fs_read_glyphs() parses a reply from the font server. The reply
contains embedded length fields, none of which are validated.
This can cause out of bound reads when looping over the glyph
bitmaps in the reply.

Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Reviewed-by: Adam Jackson <ajax@redhat.com>
Reviewed-by: Matthieu Herrb <matthieu@herrb.eu>
Diffstat (limited to 'include/X11')
0 files changed, 0 insertions, 0 deletions
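
The class of check the commit message describes, as an added example that is not code from this commit or from libXfont: every length field embedded in a reply is compared against the number of bytes actually received before any glyph bitmap is touched. The reply layout, the little-endian encoding, the name `check_glyph_reply` and the sample buffers are assumptions constructed for illustration and are not the real font-server wire format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical reply layout, assumed for this example only (little-endian):
 *   u32 num_glyphs | num_glyphs x { u32 offset, u32 length } | bitmap bytes
 * offset/length locate each glyph bitmap inside the bitmap area. */
enum { HDR = 4, ENT = 8 };

static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Returns the glyph count if every embedded length field stays inside the
 * `len` bytes actually received, or -1 if any field points outside them. */
long long check_glyph_reply(const uint8_t *buf, size_t len)
{
    if (len < HDR)
        return -1;
    uint32_t n = rd32(buf);
    size_t avail = len - HDR;
    if (n > avail / ENT)               /* divide, so n * ENT cannot wrap */
        return -1;
    size_t data_len = avail - (size_t)n * ENT;
    for (uint32_t i = 0; i < n; i++) {
        const uint8_t *e = buf + HDR + (size_t)i * ENT;
        uint32_t off = rd32(e), glen = rd32(e + 4);
        /* subtract rather than add: off + glen could wrap past data_len */
        if (off > data_len || glen > data_len - off)
            return -1;
    }
    return n;
}

/* Constructed samples: two 4-byte glyphs; one glyph claiming 0xFFFFFFFF
 * bytes; a glyph count far larger than the reply can hold. */
static const uint8_t good_reply[28] = { 2,0,0,0,  0,0,0,0, 4,0,0,0,  4,0,0,0, 4,0,0,0 };
static const uint8_t bad_length[20] = { 1,0,0,0,  4,0,0,0, 0xFF,0xFF,0xFF,0xFF };
static const uint8_t bad_count[8]   = { 0,0,0,0x20 };

int main(void)
{
    printf("good:       %lld\n", check_glyph_reply(good_reply, sizeof good_reply));
    printf("bad length: %lld\n", check_glyph_reply(bad_length, sizeof bad_length));
    printf("bad count:  %lld\n", check_glyph_reply(bad_count, sizeof bad_count));
    return 0;
}
```

The `bad_length` sample would pass a naive 32-bit `off + glen <= data_len` test because the sum wraps to 3, which is why the comparison is written as a subtraction.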