dnrops
/
gimp
mirror of https://github.com/GNOME/gimp.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

plug-ins: Fix PSP vulnerability (ZDI-CAN-22097) 

Resolves #10071.

When reading RLE compressed data, a buffer was allocated to 127 bytes.
However, it can potentially be used to read 128 bytes, leading to a
off-by-one vulnerability. This patch allocates 128 bytes to the buffer
to prevent this from occurring.
This commit is contained in:
Alx Sa 2023-09-23 02:16:24 +00:00
parent 5211a2c3e8
commit e1bfd87195
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
plug-ins/common/file-psp.c
View File

@ -1649,7 +1649,7 @@ read_channel_data (FILE *f,
else
endq = q + line_width * height;
buf = g_malloc (127);
buf = g_malloc (128);
while (q < endq)
{
fread (&runcount, 1, 1, f);