diff options
Diffstat (limited to 'main/openjpeg/CVE-2017-17480.patch')
| -rw-r--r-- | main/openjpeg/CVE-2017-17480.patch | 42 |
1 files changed, 0 insertions, 42 deletions
diff --git a/main/openjpeg/CVE-2017-17480.patch b/main/openjpeg/CVE-2017-17480.patch deleted file mode 100644 index 032315c1d2..0000000000 --- a/main/openjpeg/CVE-2017-17480.patch +++ /dev/null @@ -1,42 +0,0 @@ -From 0bc90e4062a5f9258c91eca018c019b179066c62 Mon Sep 17 00:00:00 2001 -From: Hugo Lefeuvre <hle@debian.org> -Date: Mon, 22 Oct 2018 16:59:41 +0200 -Subject: [PATCH] jp3d/jpwl convert: fix write stack buffer overflow - -Missing buffer length formatter in fscanf call might lead to write -stack buffer overflow. - -fixes #1044 (CVE-2017-17480) ---- - src/bin/jp3d/convert.c | 4 ++-- - src/bin/jpwl/convert.c | 2 +- - 2 files changed, 3 insertions(+), 3 deletions(-) - -diff --git a/src/bin/jp3d/convert.c b/src/bin/jp3d/convert.c -index 23fd70b04..acad8f82a 100644 ---- a/src/bin/jp3d/convert.c -+++ b/src/bin/jp3d/convert.c -@@ -297,8 +297,8 @@ opj_volume_t* pgxtovolume(char *relpath, opj_cparameters_t *parameters) - fprintf(stdout, "[INFO] Loading %s \n", pgxfiles[pos]); - - fseek(f, 0, SEEK_SET); -- fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, &endian2, -- signtmp, &prec, temp, &w, temp, &h); -+ fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, -+ &endian2, signtmp, &prec, temp, &w, temp, &h); - - i = 0; - sign = '+'; -diff --git a/src/bin/jpwl/convert.c b/src/bin/jpwl/convert.c -index f3bb670b0..73c1be729 100644 ---- a/src/bin/jpwl/convert.c -+++ b/src/bin/jpwl/convert.c -@@ -1349,7 +1349,7 @@ opj_image_t* pgxtoimage(const char *filename, opj_cparameters_t *parameters) - } - - fseek(f, 0, SEEK_SET); -- if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, -+ if (fscanf(f, "PG%31[ \t]%c%c%31[ \t+-]%d%31[ \t]%d%31[ \t]%d", temp, &endian1, - &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { - fprintf(stderr, - "ERROR: Failed to read the right number of element from the fscanf() function!\n"); |