diff options
author | Michael Nottebrock <lofi@FreeBSD.org> | 2007-07-30 21:59:27 +0000 |
---|---|---|
committer | Michael Nottebrock <lofi@FreeBSD.org> | 2007-07-30 21:59:27 +0000 |
commit | b09d5e70f1f2527131f46d6332cfd7e34ef6bfdf (patch) | |
tree | 50536d036a6e38df7489852614b93358e418a2f7 /editors/calligra/files | |
parent | Fix various format string vulnerabilities in Qt3 and Qt4. (diff) |
Fix buffer overflow vulnerability in xpdf code.
Security: http://www.kde.org/info/security/advisory-20070730-1.txt
Security: CVE-2007-3387
Notes
Notes:
svn path=/head/; revision=196764
Diffstat (limited to 'editors/calligra/files')
-rw-r--r-- | editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff b/editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff new file mode 100644 index 000000000000..ded0e07205a7 --- /dev/null +++ b/editors/calligra/files/patch-koffice-xpdf-CVE-2007-3387.diff @@ -0,0 +1,20 @@ +--- filters/kword/pdf/xpdf/xpdf/Stream.cc ++++ filters/kword/pdf/xpdf/xpdf/Stream.cc +@@ -413,13 +413,11 @@ StreamPredictor::StreamPredictor(Stream + predLine = NULL; + ok = gFalse; + +- if (width <= 0 || nComps <= 0 || nBits <= 0 || +- nComps >= INT_MAX / nBits || +- width >= INT_MAX / nComps / nBits) +- return; +- + nVals = width * nComps; +- if (nVals * nBits + 7 <= 0) ++ if (width <= 0 || nComps <= 0 || nBits <= 0 || ++ nComps >= 4 || nBits > 16 || ++ width >= INT_MAX / nComps || ++ nVals >= (INT_MAX - 7) / nBits) + return; + + pixBytes = (nComps * nBits + 7) >> 3; |