Fix CVE-2022-46285: Infinite loop on unclosed comments
When reading XPM images from a file with libXpm 3.5.14 or older, if a comment in the file is not closed (i.e. a C-style comment starts with "/*" and is missing the closing "*/"), the ParseComment() function will loop forever calling getc() to try to read the rest of the comment, failing to notice that it has returned EOF, which may cause a denial of service to the calling program. Reported-by:Marco Ivaldi <raptor@0xdeadbeef.info> Signed-off-by:
Alan Coopersmith <alan.coopersmith@oracle.com>
Loading
Please register or sign in to comment