diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2015-02-08 22:19:01 -0500 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-14 16:14:31 +0100 |
commit | bb7abd9da9badc6cb825c636867cbef827141f36 (patch) | |
tree | a14541b68c461db7093750c424b2254a88948c6c /nx-X11/lib/font/Speedo/spfont.c | |
parent | c6aebf9284855a0e24ad9c5ffdd36aa65e16bec7 (diff) | |
download | nx-libs-bb7abd9da9badc6cb825c636867cbef827141f36.tar.gz nx-libs-bb7abd9da9badc6cb825c636867cbef827141f36.tar.bz2 nx-libs-bb7abd9da9badc6cb825c636867cbef827141f36.zip |
CVE-2014-0211: integer overflow in fs_read_extent_info() from xorg/lib/libXfont commit c578408c1fd4db09e4e3173f8a9e65c81cc187c1
fs_read_extent_info() parses a reply from the font server.
The reply contains a 32bit number of elements field which is used
to calculate a buffer length. There is an integer overflow in this
calculation which can lead to memory corruption.
Diffstat (limited to 'nx-X11/lib/font/Speedo/spfont.c')
0 files changed, 0 insertions, 0 deletions