summaryrefslogtreecommitdiff
path: root/media-libs/libextractor/files
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/libextractor/files')
-rw-r--r--media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch b/media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch
new file mode 100644
index 000000000000..11344d3946af
--- /dev/null
+++ b/media-libs/libextractor/files/libextractor-1.9-CVE-2019-15531.patch
@@ -0,0 +1,15 @@
+Description: fix heap-based buffer over-read.
+Origin: upstream, commit: d2b032452241708bee68d02aa02092cfbfba951a
+Author: Christian Grothoff <christian@grothoff.org>
+
+--- a/src/plugins/dvi_extractor.c
++++ b/src/plugins/dvi_extractor.c
+@@ -182,6 +182,8 @@
+ size = ec->get_size (ec->cls);
+ if (size > 16 * 1024 * 1024)
+ return; /* too large */
++ if (klen + 15 > size)
++ return; /* malformed klen */
+ if (NULL == (data = malloc ((size_t) size)))
+ return; /* out of memory */
+ memcpy (data, buf, iret);
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-15 12:35:27 +0000