Package: sdl-image1.2 / 1.2.12-5+deb8u1

CVE-2017-14440.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Description: lbm: Don't overflow static colormap buffer.
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/bfa08dc02b3c

--- a/IMG_lbm.c
+++ b/IMG_lbm.c
@@ -187,6 +187,11 @@ SDL_Surface *IMG_LoadLBM_RW( SDL_RWops *src )
 
 		if ( !memcmp( id, "CMAP", 4 ) ) /* palette ( Color Map ) */
 		{
+			if (size > sizeof (colormap)) {
+				error="colormap size is too large";
+				goto done;
+			}
+
 			if ( !SDL_RWread( src, &colormap, size, 1 ) )
 			{
 				error="error reading CMAP chunk";