Avoid CVE-2023-43786: stack exhaustion in XPutImage()
This doesn't fix the CVE - that has to happen in libX11, this
just tries to avoid triggering it from libXpm, and saves time
in not pretending we can successfully create an X11 pixmap with
dimensions larger than the unsigned 16-bit integers used in the
X11 protocol for the dimensions.
Reported by Yair Mizrahi of the JFrog Vulnerability Research team
Signed-off-by: 
Alan Coopersmith <alan.coopersmith@oracle.com>
Showing
- src/CrPFrBuf.c 23 additions, 5 deletionssrc/CrPFrBuf.c
- src/CrPFrDat.c 23 additions, 8 deletionssrc/CrPFrDat.c
- src/CrPFrI.c 9 additions, 1 deletionsrc/CrPFrI.c
- src/RdFToP.c 23 additions, 5 deletionssrc/RdFToP.c
- src/XpmI.h 1 addition, 1 deletionsrc/XpmI.h
- src/create.c 23 additions, 5 deletionssrc/create.c
Loading
Please register or sign in to comment