aboutsummaryrefslogtreecommitdiff
path: root/bin/nxproxy.in
diff options
context:
space:
mode:
authorAlan Coopersmith <alan.coopersmith@oracle.com>2013-03-01 19:30:09 -0800
committerUlrich Sibiller <uli42@gmx.de>2016-10-12 09:34:39 +0200
commit2a1fbb1818bc56342e23e026004e0e7c4059cb6a (patch)
tree7ecdc6e9e242618f6923bd97957cc71033f9603c /bin/nxproxy.in
parente03f3922a3d97174916273e369b2e9a90f53a05a (diff)
downloadnx-libs-2a1fbb1818bc56342e23e026004e0e7c4059cb6a.tar.gz
nx-libs-2a1fbb1818bc56342e23e026004e0e7c4059cb6a.tar.bz2
nx-libs-2a1fbb1818bc56342e23e026004e0e7c4059cb6a.zip
unvalidated lengths in XAllocColorCells() [CVE-2013-1997 1/15]
If a broken server returned larger than requested values for nPixels or nMasks, XAllocColorCells would happily overflow the buffers provided by the caller to write the results into. Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com> Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com> Reviewed-by: Matthieu Herrb <matthieu.herrb@laas.fr> Signed-off-by: Julien Cristau <jcristau@debian.org> Backported-to-NX-by: Ulrich Sibiller <uli42@gmx.de>
Diffstat (limited to 'bin/nxproxy.in')
0 files changed, 0 insertions, 0 deletions