Package: imlib2 / 1.4.8-1
Metadata
Package | Version | Patches format |
---|---|---|
imlib2 | 1.4.8-1 | 3.0 (quilt) |
Patch series
Patch | File delta | Description |
---|---|---|
01_removed data dir.patch | Makefile.am: 2 1 + 1 - 0 ! | do not install files under data/ |
02_fix gif with no cmap.patch | src/modules/loaders/loader_gif.c: 15 11 + 4 - 0 ! | do not segfault when loading gif without color map |
03_CVE 2011 5326.patch | src/lib/ellipse.c: 24 24 + 0 - 0 ! | fix potential divide-by-zero in imlib_image_draw_ellipse(). Attempting to draw a 2x1 ellipse with e.g. imlib_image_draw_ellipse(x, y, 2, 1) causes a divide-by-zero. It seems happy enough to draw 1x1, 1x2 and 2x2, but not 2x1. Patch by Simon Lees. https://bugs.debian.org/639414 |
04_CVE 2016 3993.patch | src/lib/updates.c: 2 1 + 1 - 0 ! | fix off-by-one oob read in __imlib_mergeupdate(). Patch by Yuriy M. Kaminskiy. https://bugs.debian.org/819818 |
05_CVE 2016 3994.patch | src/modules/loaders/loader_gif.c: 38 17 + 21 - 0 ! | gif loader: fix out-of-bound reads from colormap. Bug-Debian: http://bugs.debian.org/785369 Note: removes all special-casing from the inner loop, optimize for common case. |
06_CVE 2016 4024.patch | src/lib/image.h: 3 2 + 1 - 0 ! | fix integer overflow resulting in insufficient heap allocation. IMAGE_DIMENSIONS_OK ensures that image width and height are less than 46340, so that maximum number of pixels is ~2**31. Unfortunately, there is a lot of code that allocates image data with something like malloc(w * h * sizeof(DATA32)); Obviously, on 32-bit machines this results in integer overflow, insufficient heap allocation, with [massive] out-of-bounds heap overwrite. Either X_MAX should be reduced to 32767, or (w)*(h) should be checked to not exceed ULONG_MAX/sizeof(DATA32). Security implications: *) for 32-bit machines: insufficient heap allocation and heap overwrite in many image loaders, with escalation potential to remote code execution; *) for 64-bit machines: it seems, no impact. |
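
The arithmetic behind the 06_CVE 2016 4024 description, as an added example (not code from the patch or from imlib2): it shows dimensions that pass a per-dimension bound of 46340 yet make a 32-bit `w * h * sizeof(DATA32)` wrap to a small request, next to the product check the description proposes. The function names, `size32_t` (a `uint32_t` standing in for a 32-bit `size_t`) and the sample dimensions are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t DATA32;   /* 4-byte pixel, as named in the patch description */
typedef uint32_t size32_t; /* assumption: models size_t on a 32-bit target */

#define DIM_LIMIT 46340    /* per-dimension bound quoted in the description */

/* Per-dimension check only, modelled on the description of IMAGE_DIMENSIONS_OK. */
static int dims_ok_described(int w, int h)
{
    return w > 0 && h > 0 && w < DIM_LIMIT && h < DIM_LIMIT;
}

/* What malloc(w * h * sizeof(DATA32)) receives when size_t is 32 bits wide:
 * unsigned arithmetic silently reduces the product modulo 2^32. */
static size32_t wrapped_alloc_size(size32_t w, size32_t h)
{
    return w * h * (size32_t)sizeof(DATA32);
}

/* Second remedy from the description: reject when w * h would exceed
 * MAX / sizeof(DATA32). Returns 1 and stores the byte count on success. */
static int checked_alloc_size(size32_t w, size32_t h, size32_t *out)
{
    const size32_t max_pixels = UINT32_MAX / (size32_t)sizeof(DATA32);

    /* Division form of the test, so the check itself cannot overflow. */
    if (w == 0 || h == 0 || w > max_pixels / h)
        return 0;
    *out = w * h * (size32_t)sizeof(DATA32);
    return 1;
}

int main(void)
{
    size32_t w = 32768, h = 32769, bytes = 0; /* constructed dimensions */
    unsigned long long needed = (unsigned long long)w * h * sizeof(DATA32);

    printf("passes per-dimension check: %d\n", dims_ok_described((int)w, (int)h));
    printf("bytes needed: %llu, 32-bit request: %u\n",
           needed, (unsigned)wrapped_alloc_size(w, h));
    printf("checked size accepted: %d\n", checked_alloc_size(w, h, &bytes));
    /* 32767 x 32767 x 4 still fits in 32 bits, matching the first remedy. */
    printf("32767x32767 accepted: %d\n", checked_alloc_size(32767, 32767, &bytes));
    return 0;
}
```

With the constructed 32768 x 32769 image the buffer needs 4295098368 bytes, but the 32-bit request is only 131072, which is the undersized heap allocation the description refers to.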