Package: libimlib2-dev
Version: 1.4.0-1.1
Tags: security
Followup-For: Bug #505714
This is another buffer overflow in the XPM loader. (The xpm attached
to this bug report is a 32x32 image according to the header, but
contains 33x32 pixels.)
--- a/src/modules/loaders/loader_xpm.c
+++ b/src/modules/loaders/loader_xpm.c
@@ -246,8 +246,8 @@
return 0;
}
ptr = im->data;
- end = ptr + (sizeof(DATA32) * w * h);
pixels = w * h;
+ end = ptr + pixels;
}
else
{
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
