Snippets Groups Projects

Due to an influx of spam, we have had to impose restrictions on new accounts. Please see this wiki page for instructions on how to get full permissions. Sorry for the inconvenience.

gitlab.freedesktop.org will be unavailable for up to a week starting March 16th, due to our ongoing infrastructure move. You can follow our planning tracker at https://gitlab.freedesktop.org/freedesktop/freedesktop/-/issues/2076

Commit f80fa6ae authored 2 years ago by Alan Coopersmith

Fix CVE-2022-44617: Runaway loop with width of 0 and enormous height


When reading XPM images from a file with libXpm 3.5.14 or older, if a
image has a width of 0 and a very large height, the ParsePixels() function
will loop over the entire height calling getc() and ungetc() repeatedly,
or in some circumstances, may loop seemingly forever, which may cause a
denial of service to the calling program when given a small crafted XPM
file to parse.

Closes: #2

Reported-by: Martin Ettl <ettl.martin78@googlemail.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>

parent f7fbbb92

Hide whitespace changes

Inline Side-by-side

Showing with 41 additions and 10 deletions

Peter Hutterer @whot
mentioned in merge request !13 (merged)
· 2 years ago

mentioned in merge request !13 (merged)

mentioned in merge request !13

Toggle commit list

Please register or to comment