CVE-2017-17784, CVE-2017-17785, CVE-2017-17786, CVE-2017-17787, CVE-2017-17789 Fixes #8350 CVE-2017-17788 applies only to >= v2.9.6
From 01898f10f87a094665a7fdcf7153990f4e511d3f Mon Sep 17 00:00:00 2001
From: Jehan <jehan@girinstud.io>
Date: Wed, 20 Dec 2017 16:44:20 +0100
Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow...
... in PSP importer.
Check if declared block length is valid (i.e. within the actual file)
before going further.
Consider the file as broken otherwise and fail loading it.
(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8)
---
plug-ins/common/file-psp.c | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c
index ac0fff7..4cbafe3 100644
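--- a/plug-ins/common/file-psp.c
+++ b/plug-ins/common/file-psp.c
@@ -1771,6 +1771,15 @@ load_image (const gchar *filename,
 {
 block_start = ftell (f);
 
+ if (block_start + block_total_len > st.st_size)
+ {
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED,
+ _("Could not open '%s' for reading: %s"),
+ gimp_filename_to_utf8 (filename),
+ _("invalid block size"));
+ goto error;
+ }
+
 if (id == PSP_IMAGE_BLOCK)
 {
 if (block_number != 0)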
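Review bot: The added bound check `if (block_start + block_total_len > st.st_size)` sums a file-controlled length with the `ftell` result before comparing, so the guard itself can be bypassed if that addition wraps. The operand types are declared outside the hunk; if `block_total_len` is an unsigned 32-bit value and `long` is 32 bits on the target, a very large declared length would pass the check. The `ftell (f)` return is also used without testing for -1. Comparing by subtraction avoids both: `if (block_start < 0 || block_start > st.st_size || block_total_len > st.st_size - block_start)`. The body of `load_image` starts and ends outside this hunk, so it is worth confirming that `st` is filled from the same open file and that the readers that later consume `block_total_len` rely on this check alone.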
--
cgit v0.12