gd/gd-CVE-2019-11038.patch
Petr Gajdos a36454e4ca - security update
- added patches
  CVE-2019-11038 [bsc#1140118]
  + gd-CVE-2019-11038.patch

OBS-URL: https://build.opensuse.org/package/show/graphics/gd?expand=0&rev=57
2019-07-16 09:12:59 +00:00


diff --git a/src/gd_xbm.c b/src/gd_xbm.c
index 4ca41acf..cf0545ef 100644
--- a/src/gd_xbm.c
+++ b/src/gd_xbm.c
@@ -169,7 +169,11 @@ BGD_DECLARE(gdImagePtr) gdImageCreateFromXbm(FILE * fd)
}
h[3] = ch;
}
- sscanf(h, "%x", &b);
+ if (sscanf(h, "%x", &b) != 1) {
+ gd_error("invalid XBM");
+ gdImageDestroy(im);
+ return 0;
+ }
for (bit = 1; bit <= max_bit; bit = bit << 1) {
gdImageSetPixel(im, x++, y, (b & bit) ? 1 : 0);
if (x == im->sx) {
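Review bot: The new check `sscanf(h, "%x", &b) != 1` rejects only a token with no leading hex digit; a token such as `1G` (constructed example) still converts on its first digit and is drawn, so a malformed XBM is accepted in part. If strict parsing is wanted, a trailing-character probe does it: `char tail; if (sscanf(h, "%x%c", &b, &tail) != 1) {`. This assumes h is NUL-terminated and b is an unsigned int, neither of which is visible here because gdImageCreateFromXbm starts and ends outside the hunk. A short comment above the check, e.g. `/* on a failed conversion b is never written; reject the file rather than draw pixels from it */`, would keep the reason for the early return next to the code.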