diff options
author | Mike DePaulo <mikedep333@gmail.com> | 2015-02-08 22:38:32 -0500 |
---|---|---|
committer | Mike Gabriel <mike.gabriel@das-netzwerkteam.de> | 2015-02-14 16:14:31 +0100 |
commit | b65259bf3bcca15b5069cb7a6c06f95a40f79813 (patch) | |
tree | 41335bc09948cb72fbd76dcdd2f9919ce965c53c /nx-X11/programs/Xserver/render/picture.c | |
parent | ef439da38d3a4c00a4e03e7d8f83cb359cd9a230 (diff) | |
download | nx-libs-b65259bf3bcca15b5069cb7a6c06f95a40f79813.tar.gz nx-libs-b65259bf3bcca15b5069cb7a6c06f95a40f79813.tar.bz2 nx-libs-b65259bf3bcca15b5069cb7a6c06f95a40f79813.zip |
CVE-2014-0210: unvalidated length fields in fs_read_list_info() from xorg/lib/libXfont commit d338f81df1e188eb16e1d6aeea7f4800f89c1218
fs_read_list_info() parses a reply from the font server. The reply
contains a number of additional data items with embedded length or
count fields, none of which are validated. This can cause out of
bound reads when looping over these items in the reply.
Diffstat (limited to 'nx-X11/programs/Xserver/render/picture.c')
0 files changed, 0 insertions, 0 deletions