Package: libcroco | Debian Sources

Package: libcroco / 0.6.12-3

Metadata

Package	Version	Patches format
libcroco	0.6.12-3	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
CVE 2017 7960 heap buffer overflow.patch \| (download)	src/cr-input.c \| 11 9 + 2 - 0 ! 1 file changed, 9 insertions(+), 2 deletions(-)	input: check end of input before reading a byte When reading bytes we weren't check that the index wasn't out of bound and this could produce an invalid read which could deal to a security bug.
CVE 2017 7961 double to long check.patch \| (download)	src/cr-tknzr.c \| 10 10 + 0 - 0 ! 1 file changed, 10 insertions(+)	tknzr: support only max long rgb values This fixes a possible out of bound when reading rgbs which are longer than the support MAXLONG

Patch

File delta

Description

CVE 2017 7960 heap buffer overflow.patch | (download)

src/cr-input.c | 11 9 + 2 - 0 !
1 file changed, 9 insertions(+), 2 deletions(-)

 input: check end of input before reading a byte

When reading bytes we weren't check that the index wasn't
out of bound and this could produce an invalid read which
could deal to a security bug.

CVE 2017 7961 double to long check.patch | (download)

src/cr-tknzr.c | 10 10 + 0 - 0 !
1 file changed, 10 insertions(+)

 tknzr: support only max long rgb values

This fixes a possible out of bound when reading rgbs which
are longer than the support MAXLONG