nx-X11 · bb7abd9da9badc6cb825c636867cbef827141f36 · dimbor / nx-libs

CVE-2014-0211: integer overflow in fs_read_extent_info() from xorg/lib/libXfont… · bb7abd9d

authored Feb 08, 2015

CVE-2014-0211: integer overflow in fs_read_extent_info() from xorg/lib/libXfont commit c578408c1fd4db09e4e3173f8a9e65c81cc187c1

fs_read_extent_info() parses a reply from the font server.
The reply contains a 32bit number of elements field which is used
to calculate a buffer length. There is an integer overflow in this
calculation which can lead to memory corruption.

bb7abd9d

Name	Last commit	Last update
..
config		Loading commit data...
extras		Loading commit data...
include		Loading commit data...
lib		Loading commit data...
programs		Loading commit data...
BUILD		Loading commit data...
CHANGELOG		Loading commit data...
COPYING		Loading commit data...
ChangeLog.X.org		Loading commit data...
Imakefile		Loading commit data...
LABEL		Loading commit data...
LICENSE		Loading commit data...
Makefile		Loading commit data...
README		Loading commit data...
README.crypto		Loading commit data...
RELNOTES		Loading commit data...
registry		Loading commit data...
xf86Date.h		Loading commit data...

README