nx-X11/lib/font/fc · e29bbd5bf0565eaf7c02f85a57b87f66531fa6b3 · dimbor / nx-libs

CVE-2014-0210: unvalidated length fields in fs_read_query_info() from… · e29bbd5b

authored Feb 08, 2015

CVE-2014-0210: unvalidated length fields in fs_read_query_info() from xorg/lib/libXfont commit 491291cabf78efdeec8f18b09e14726a9030cc8f

fs_read_query_info() parses a reply from the font server.  The reply
contains embedded length fields, none of which are validated.  This
can cause out of bound reads in either fs_read_query_info() or in
_fs_convert_props() which it calls to parse the fsPropInfo in the reply.

v2: apply correctly on nx-libs 3.6.x (Mihai Moldovan)

e29bbd5b

Name	Last commit	Last update
..
Imakefile		Loading commit data...
fsconvert.c		Loading commit data...
fserve.c		Loading commit data...
fserve.h		Loading commit data...
fservestr.h		Loading commit data...
fsio.c		Loading commit data...
fsio.h		Loading commit data...
fsio.h.NX.reference		Loading commit data...
fsio.h.XF86.reference		Loading commit data...
fslibos.h		Loading commit data...