Package: sdl-image1.2 / 1.2.12-5+deb8u1

CVE-2017-14442.patch Patch series | download
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Description: bmp: don't overflow palette buffer with bogus biClrUsed values.
Origin: upstream, https://hg.libsdl.org/SDL_image/rev/37445f6180a8

--- a/IMG_bmp.c
+++ b/IMG_bmp.c
@@ -760,6 +760,11 @@
         if (biClrUsed == 0) {
             biClrUsed = 1 << biBitCount;
         }
+        if (biClrUsed > SDL_arraysize(palette)) {
+            IMG_SetError("Unsupported or incorrect biClrUsed field");
+            was_error = SDL_TRUE;
+            goto done;
+        }
         for (i = 0; i < (int) biClrUsed; ++i) {
             SDL_RWread(src, &palette[i], 4, 1);
         }