Thanks for this report! Since the w and h variables are unsigned, this
is actually "just" a denial of service crash, since the loop that copies
out the data will run until it segfaults, so the results aren't
controllable.
** Changed in: gdk-pixbuf (Ubuntu)
Status: New => Confirmed
** Changed in: gdk-pixbuf (Ubuntu)
Importance: Undecided => Low
** This bug is no longer flagged as a security vulnerability
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
https://bugs.launchpad.net/bugs/681150
Title:
Integer overflow in XBM file loader
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
