[Pkg-tigervnc-devel] Bug#849479: tigervnc: CVE-2014-8240: integer overflow flaw, leading to a heap-based buffer overflow in screen size handling
Salvatore Bonaccorso
carnil at debian.org
Thu Dec 29 05:07:54 UTC 2016
For example, we have the following code in Image.cxx (all Debian patches
applied):

    void Image::Init(int width, int height)
    {
      Visual* vis = DefaultVisual(dpy, DefaultScreen(dpy));
      trueColor = (vis->c_class == TrueColor);

      xim = XCreateImage(dpy, vis, DefaultDepth(dpy, DefaultScreen(dpy)),
                         ZPixmap, 0, 0, width, height, BitmapPad(dpy), 0);

      xim->data = (char *)malloc(xim->bytes_per_line * xim->height);

The referenced Red Hat patch will first validate xim->bytes_per_line
et al.
Regards,
Salvatore
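
Added example (not part of the original message, and not the TigerVNC or Red Hat code): the allocation quoted above multiplies two int fields before malloc() sees the result, so a large enough image yields a wrapped size. The helper names and the sample dimensions below are assumptions made for illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* What a 32-bit multiplication of the two fields wraps to. Computed in
 * unsigned arithmetic so this demonstration has no undefined behaviour. */
uint32_t wrapped_size(int bytes_per_line, int height)
{
    return (uint32_t)bytes_per_line * (uint32_t)height;
}

/* Hypothetical helper: validate the two int fields (as found in Xlib's
 * XImage) and produce the buffer size. Returns 0 on success, -1 if a value
 * is non-positive or the product would not fit in an int. */
int checked_image_size(int bytes_per_line, int height, size_t *out)
{
    if (bytes_per_line <= 0 || height <= 0)
        return -1;
    /* Divide instead of multiplying so the check itself cannot overflow. */
    if (bytes_per_line > INT_MAX / height)
        return -1;
    *out = (size_t)bytes_per_line * (size_t)height;
    return 0;
}

/* Allocation that refuses the image instead of under-allocating. */
char *alloc_image_data(int bytes_per_line, int height)
{
    size_t n;
    if (checked_image_size(bytes_per_line, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed sample: 65536 pixels * 4 bytes per row, 16384 rows. */
    int bpl = 262144, h = 16384;
    printf("unchecked size wraps to %u bytes\n", (unsigned)wrapped_size(bpl, h));
    char *p = alloc_image_data(bpl, h);
    printf("checked allocation: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```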