patch for CVE-2015-3885: don't write past array boundaries

Brought to you by: nkbj, udifuchs

#396 patch for CVE-2015-3885: don't write past array boundaries

Milestone: UFRaw_development_branch

Status: closed-fixed

Owner: nobody

Labels: None

Priority: 5

Updated: 2015-05-22

Created: 2015-05-21

Creator: Nils Philippsen

Private: No

Hi there,

the attached patch fixes the vulnerability CVE-2015-3885 which made the function ljpeg_start() in dcraw (and all programs using the affected code) susceptible to writing long past the end of the array data if the length field in the header of the file was smaller than 2.

The patch is basically identical to the one I submitted for dcraw.

1 Attachments

ufraw-0.21-CVE-2015-3885.patch

Discussion

Niels Kristian Bech Jensen - 2015-05-22

status: open --> closed-fixed
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Niels Kristian Bech Jensen - 2015-05-22

Hi Nils.

Thank you for the report and patch. I have commited it to the cvs repository.

Regards,
Niels Kristian

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

patch for CVE-2015-3885: don't write past array boundaries

Group

Searches

Help

#396 patch for CVE-2015-3885: don't write past array boundaries

Discussion