1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
|
From: Michael R Sweet <msweet@msweet.org>
Date: Fri, 5 Nov 2021 09:35:10 -0400
Subject: CVE-2021-43579
Fix potential BMP stack overflow (Issue #453)
---
htmldoc/image.cxx | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/htmldoc/image.cxx b/htmldoc/image.cxx
index caa764d..fd7501e 100644
--- a/htmldoc/image.cxx
+++ b/htmldoc/image.cxx
@@ -904,12 +904,16 @@ image_load_bmp(image_t *img, /* I - Image to load into */
return (-1);
if (info_size > 40)
+ {
for (info_size -= 40; info_size > 0; info_size --)
getc(fp);
+ }
// Get colormap...
if (colors_used == 0 && depth <= 8)
colors_used = 1 << depth;
+ else if (colors_used > 256)
+ return (-1);
fread(colormap, (size_t)colors_used, 4, fp);
|
