Package: libcroco / 0.6.12-3

Metadata

Package: libcroco
Version: 0.6.12-3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
CVE 2017 7960 heap buffer overflow.patch

src/cr-input.c | 11 9 + 2 - 0 !
1 file changed, 9 insertions(+), 2 deletions(-)

 input: check end of input before reading a byte

When reading bytes we weren't checking that the index wasn't
out of bounds and this could produce an invalid read which
could lead to a security bug.

CVE 2017 7961 double to long check.patch

src/cr-tknzr.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 tknzr: support only max long rgb values

This fixes a possible out of bounds when reading rgbs which
are longer than the supported MAXLONG