rpms/jasper
7
0
Fork 0
Code Issues Pull Requests Releases Activity
f9ae9f5e6d
jasper/jasper-1.900.1-CVE-2008-3522.patch
Rex Dieter 1c0f91fcda - CVE-2008-3520 jasper: multiple integer overflows in jas_alloc calls 
(#461476)
- CVE-2008-3522 jasper: possible buffer overflow in jas_stream_printf()
    (#461478)
2009-10-26 16:27:35 +00:00

15 lines
580 B
Diff
Raw Blame History

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2008-3522
diff -pruN jasper-1.900.1.orig/src/libjasper/base/jas_stream.c jasper-1.900.1/src/libjasper/base/jas_stream.c
--- jasper-1.900.1.orig/src/libjasper/base/jas_stream.c 2009-10-22 10:27:45.000000000 +0200
+++ jasper-1.900.1/src/libjasper/base/jas_stream.c 2009-10-22 10:35:53.000000000 +0200
@@ -553,7 +553,7 @@ int jas_stream_printf(jas_stream_t *stre
int ret;
va_start(ap, fmt);
- ret = vsprintf(buf, fmt, ap);
+ ret = vsnprintf(buf, sizeof buf, fmt, ap);
jas_stream_puts(stream, buf);
va_end(ap);
return ret;
Reference in New Issue View Git Blame Copy Permalink