19 lines
1.0 KiB
C
19 lines
1.0 KiB
C
$NetBSD: patch-src_ipa_ipa.h,v 1.1 2015/07/17 12:33:47 sevan Exp $
|
|
|
|
CVE-2015-4588 - Heap-based buffer overflow in the DecodeImage function in libwmf
|
|
0.2.8.4 allows remote attackers to cause a denial of service (crash) or possibly
|
|
execute arbitrary code via a crafted "run-length count" in an image in a WMF
|
|
file.
|
|
|
|
--- src/ipa/ipa.h.orig 2015-07-17 00:40:28.000000000 +0000
|
|
+++ src/ipa/ipa.h
|
|
@@ -48,7 +48,7 @@ static int ReadBlobByte (BMPS
|
|
static unsigned short ReadBlobLSBShort (BMPSource*);
|
|
static unsigned long ReadBlobLSBLong (BMPSource*);
|
|
static long TellBlob (BMPSource*);
|
|
-static void DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
|
|
+static int DecodeImage (wmfAPI*,wmfBMP*,BMPSource*,unsigned int,unsigned char*);
|
|
static void ReadBMPImage (wmfAPI*,wmfBMP*,BMPSource*);
|
|
static int ExtractColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned int,unsigned int);
|
|
static void SetColor (wmfAPI*,wmfBMP*,wmfRGB*,unsigned char,unsigned int,unsigned int);
|