Package: libgd2 / 2.0.36~rc1~dfsg-5+deb6u1

0005_CVE-2014-2497.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
From 463c3bd09bfe8e924e19acad7a2a6af16953a704 Mon Sep 17 00:00:00 2001
From: Remi Collet <fedora@famillecollet.com>
Date: Mon, 4 Aug 2014 10:31:25 +0200
Subject: [PATCH] CVE-2014-2497, NULL pointer dereference, fix #126

--- a/gdxpm.c
+++ b/gdxpm.c
@@ -43,10 +43,16 @@
   if (ret != XpmSuccess)
     return 0;
 
+  number = image.ncolors;
+  for(i = 0; i < number; i++) {
+    if (!image.colorTable[i].c_color) {
+      return 0;
+    }
+  }
+
   if (!(im = gdImageCreate (image.width, image.height)))
     return 0;
 
-  number = image.ncolors;
 	if (overflow2(sizeof (int), number)) {
 		return 0;
 	}