svn commit: r388051 - in head/graphics/rawstudio: . files
Jan Beich
jbeich at FreeBSD.org
Sun May 31 10:00:42 UTC 2015
Xin LI <delphij at FreeBSD.org> writes:
> Author: delphij
> Date: Sun May 31 09:14:02 2015
> New Revision: 388051
> URL: https://svnweb.freebsd.org/changeset/ports/388051
>
> Log:
> Apply vendor patch for "Avoid overflow in ljpeg_start()"
> (changeset 983bda1f) to prevent a denial of service (crash) via a
> crafted image
[...]
> Security: CVE-2015-3885
> Security: 57325ecf-facc-11e4-968f-b888e347c638
[...]
> @@ -0,0 +1,12 @@
> +--- plugins/load-dcraw/dcraw.cc.orig 2015-05-29 01:03:46 UTC
> ++++ plugins/load-dcraw/dcraw.cc
> +@@ -869,7 +869,8 @@ struct jhead {
> +
> + int CLASS ljpeg_start (struct jhead *jh, int info_only)
> + {
> +- int c, tag, len;
> ++ int c, tag;
> ++ ushort len;
> + uchar data[0x10000];
> + const uchar *dp;
> +
Affected code is also present in at least the following ports:
graphics/darktable
graphics/dcraw
graphics/dcraw-m
graphics/freeimage
graphics/libraw
graphics/netpbm
graphics/opengtl
multimedia/kodi
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 602 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20150531/961a5f6f/attachment.sig>
More information about the svn-ports-all
mailing list