| 1 |
luigiwalser |
1188362 |
From: Jehan <jehan@girinstud.io> |
| 2 |
|
|
Date: Wed, 20 Dec 2017 16:44:20 +0100 |
| 3 |
|
|
Subject: Bug 790849 - (CVE-2017-17789) CVE-2017-17789 Heap buffer overflow... |
| 4 |
|
|
Origin: https://git.gnome.org/browse/GIMP/commit/?id=01898f10f87a094665a7fdcf7153990f4e511d3f |
| 5 |
|
|
Bug-Debian-Security: https://security-tracker.debian.org/tracker/CVE-2017-17789 |
| 6 |
|
|
Bug-Debian: https://bugs.debian.org/884837 |
| 7 |
|
|
Bug: https://bugzilla.gnome.org/show_bug.cgi?id=790849 |
| 8 |
|
|
|
| 9 |
|
|
... in PSP importer. |
| 10 |
|
|
Check if declared block length is valid (i.e. within the actual file) |
| 11 |
|
|
before going further. |
| 12 |
|
|
Consider the file as broken otherwise and fail loading it. |
| 13 |
|
|
|
| 14 |
|
|
(cherry picked from commit 28e95fbeb5720e6005a088fa811f5bf3c1af48b8) |
| 15 |
|
|
--- |
| 16 |
|
|
plug-ins/common/file-psp.c | 9 +++++++++ |
| 17 |
|
|
1 file changed, 9 insertions(+) |
| 18 |
|
|
|
| 19 |
|
|
diff --git a/plug-ins/common/file-psp.c b/plug-ins/common/file-psp.c |
| 20 |
|
|
index ac0fff78f0..4cbafe37b1 100644 |
| 21 |
|
|
--- a/plug-ins/common/file-psp.c |
| 22 |
|
|
+++ b/plug-ins/common/file-psp.c |
| 23 |
|
|
@@ -1771,6 +1771,15 @@ load_image (const gchar *filename, |
| 24 |
|
|
{ |
| 25 |
|
|
block_start = ftell (f); |
| 26 |
|
|
|
| 27 |
|
|
+ if (block_start + block_total_len > st.st_size) |
| 28 |
|
|
+ { |
| 29 |
|
|
+ g_set_error (error, G_FILE_ERROR, G_FILE_ERROR_FAILED, |
| 30 |
|
|
+ _("Could not open '%s' for reading: %s"), |
| 31 |
|
|
+ gimp_filename_to_utf8 (filename), |
| 32 |
|
|
+ _("invalid block size")); |
| 33 |
|
|
+ goto error; |
| 34 |
|
|
+ } |
| 35 |
|
|
+ |
| 36 |
|
|
if (id == PSP_IMAGE_BLOCK) |
| 37 |
|
|
{ |
| 38 |
|
|
if (block_number != 0) |
| 39 |
|
|
-- |
| 40 |
|
|
2.15.1 |
| 41 |
|
|
|
Parent Directory
| 
Revision Log