[Wayland-bugs] [Bug 103961] Security - Fix heap overflow with X cursor files

bugzilla-daemon Tue, 28 Nov 2017 12:42:06 -0800

https://bugs.freedesktop.org/show_bug.cgi?id=103961


            Bug ID: 103961
           Summary: Security - Fix heap overflow with X cursor files
           Product: Wayland
           Version: unspecified
          Hardware: Other
                OS: All
            Status: NEW
          Severity: normal
          Priority: medium
         Component: wayland
          Assignee: [email protected]
          Reporter: [email protected]

Created attachment 135783
  --> https://bugs.freedesktop.org/attachment.cgi?id=135783&action=edit
wayland-xcursor.patch

Fix heap overflows when parsing malicious files.

It is possible to trigger heap overflows due to an integer overflow
while parsing images.

The integer overflow occurs because the chosen limit 0x10000 for
dimensions is too large for 32 bit systems, because each pixel takes
4 bytes. Properly chosen values allow an overflow which in turn will
lead to less allocated memory than needed for subsequent reads.

This patch is ported from libXcursor:
https://cgit.freedesktop.org/xorg/lib/libXcursor/patch/?id=4794b5dd34688158fb51a2943032569d3780c4b8

-- 
You are receiving this mail because:
You are the assignee for the bug.

_______________________________________________
wayland-bugs mailing list
[email protected]
https://lists.freedesktop.org/mailman/listinfo/wayland-bugs

[Wayland-bugs] [Bug 103961] Security - Fix heap overflow with X cursor files

Reply via email to