Package: libcroco / 0.6.12-3
Metadata
Package | Version | Patches format |
---|---|---|
libcroco | 0.6.12-3 | 3.0 (quilt) |
Patch series
view the series file

Patch | File delta | Description |
---|---|---|
CVE 2017 7960 heap buffer overflow.patch (download) | src/cr-input.c: 11 9 + 2 - 0 ! | input: check end of input before reading a byte. When reading bytes we weren't checking that the index wasn't out of bound and this could produce an invalid read which could lead to a security bug. |
CVE 2017 7961 double to long check.patch (download) | src/cr-tknzr.c: 10 10 + 0 - 0 ! | tknzr: support only max long rgb values. This fixes a possible out of bound when reading rgbs which are longer than the supported MAXLONG |