Package: libgd2 / 2.0.36~rc1~dfsg-6.1+deb7u2

0002_CVE-2009-3546.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
CVE-2009-3546: buffer overflow or buffer over-read attacks via a crafted GD file
http://svn.php.net/viewvc?view=revision&revision=289557
--- a/gd_gd.c
+++ b/gd_gd.c
@@ -44,6 +44,10 @@
 	    {
 	      goto fail1;
 	    }
+	  if (im->colorsTotal > gdMaxColors)
+	    {
+	      goto fail1;
+	    }
 	}
       /* Int to accommodate truecolor single-color transparency */
       if (!gdGetInt (&im->transparent, in))