Sophie

gimp-2.8.14-4.3.mga5.src.rpm

From: Hanno Boeck <hanno@hboeck.de>
Date: Mon, 27 Nov 2017 00:37:29 +0100
Subject: 790783 - buffer overread in XCF parser if version field...
Origin: https://git.gnome.org/browse/GIMP/commit/?id=702c4227e8b6169f781e4bb5ae4b5733f51ab126
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17788
Bug-Debian: https://bugs.debian.org/885347
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790783

...has no null terminator

Check for the presence of '\0' before using atoi() on the version
string. Patch slightly modified (mitch).
[carnil: backport to gimp-2-8: affected code in xcf_load_invoker]
---
 app/xcf/xcf.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

--- a/app/xcf/xcf.c
+++ b/app/xcf/xcf.c
@@ -318,7 +318,8 @@ xcf_load_invoker (GimpProcedure      *pr
         {
           info.file_version = 0;
         }
-      else if (id[9] == 'v')
+      else if (id[9]  == 'v' &&
+               id[13] == '\0')
         {
           info.file_version = atoi (id + 10);
         }
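
Review bot: The offsets 9, 10 and 13 in the new `else if` condition are undocumented magic numbers, and `id[13] == '\0'` only proves the string ends at that one position. A short comment stating the expected layout ('v' at index 9, three version characters at 10..12, terminator at 13), or named constants, would make the bound easier to audit. The three bytes at `id[10]`..`id[12]` are still not checked to be digits before `atoi (id + 10)`, and `atoi()` reports no errors, so a non-numeric field silently becomes 0 or a partial value. Consider testing each of those bytes with `g_ascii_isdigit()`, or parsing with `strtol()` and verifying that the end pointer lands on `id + 13`. A version field whose terminator falls before index 13 now fails this branch; if that is intended, it is worth saying so in the comment.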