diff options
| author | V3n3RiX <venerix@redcorelinux.org> | 2018-01-03 19:17:21 +0000 |
|---|---|---|
| committer | V3n3RiX <venerix@redcorelinux.org> | 2018-01-03 19:17:21 +0000 |
| commit | 81e4fbcb846ed1cabdad699c0029b166dd7273b7 (patch) | |
| tree | 16f1236b7a386949c02a6e3c13d0fcd8298fa133 /media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch | |
| parent | a70f42c65202d88c203c40910fef8f96f333d1ee (diff) | |
gentoo resync : 03.01.2018
Diffstat (limited to 'media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch')
| -rw-r--r-- | media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch new file mode 100644 index 000000000000..c7df330409f8 --- /dev/null +++ b/media-gfx/gimp/files/gimp-2.8.22-cve-2017-17784.patch @@ -0,0 +1,32 @@ +From c57f9dcf1934a9ab0cd67650f2dea18cb0902270 Mon Sep 17 00:00:00 2001 +From: Jehan <jehan@girinstud.io> +Date: Thu, 21 Dec 2017 12:25:32 +0100 +Subject: Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / + load_image. + +We were assuming the input name was well formed, hence was +nul-terminated. As any data coming from external input, this has to be +thorougly checked. +Similar to commit 06d24a79af94837d615d0024916bb95a01bf3c59 but adapted +to older gimp-2-8 code. +--- + plug-ins/common/file-gbr.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/plug-ins/common/file-gbr.c b/plug-ins/common/file-gbr.c +index b028100..d3f01d9 100644 +--- a/plug-ins/common/file-gbr.c ++++ b/plug-ins/common/file-gbr.c +@@ -443,7 +443,8 @@ load_image (const gchar *filename, + { + gchar *temp = g_new (gchar, bn_size); + +- if ((read (fd, temp, bn_size)) < bn_size) ++ if ((read (fd, temp, bn_size)) < bn_size || ++ temp[bn_size - 1] != '\0') + { + g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, + _("Error in GIMP brush file '%s'"), +-- +cgit v0.12 + |