diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2015-02-08 22:08:09 -0500 |
---|---|---|
committer | Mihai Moldovan <ionic@ionic.de> | 2015-02-16 05:47:25 +0100 |
commit | e29bbd5bf0565eaf7c02f85a57b87f66531fa6b3 (patch) | |
tree | 3c598bba4ffeb3b41b927d4cae846d4c190f9108 /nx-X11/lib/font/stubs/fatalerror.c | |
parent | 5fc2f57fb5520bb61e2c1f8b6fd2522b203b3b9d (diff) | |
download | nx-libs-e29bbd5bf0565eaf7c02f85a57b87f66531fa6b3.tar.gz nx-libs-e29bbd5bf0565eaf7c02f85a57b87f66531fa6b3.tar.bz2 nx-libs-e29bbd5bf0565eaf7c02f85a57b87f66531fa6b3.zip |
CVE-2014-0210: unvalidated length fields in fs_read_query_info() from xorg/lib/libXfont commit 491291cabf78efdeec8f18b09e14726a9030cc8f
fs_read_query_info() parses a reply from the font server. The reply
contains embedded length fields, none of which are validated. This
can cause out of bound reads in either fs_read_query_info() or in
_fs_convert_props() which it calls to parse the fsPropInfo in the reply.
v2: apply correctly on nx-libs 3.6.x (Mihai Moldovan)
Diffstat (limited to 'nx-X11/lib/font/stubs/fatalerror.c')
0 files changed, 0 insertions, 0 deletions