Control: retitle -1 leptonlib: CVE-2018-7186: Stack buffer overflows Control: tags -1 + patch
Hi, On Thu, Feb 15, 2018 at 01:34:04PM -0800, Jeff Breidenbach wrote: > This is just about strings, right? So something like this will fix the > problem > and resolve this bug? Or am I missing something? > > char buf[L_BUF_SIZE]; > - fscanf(fp, "Rootname: %s\n", buf); > + fscanf(fp, "Rootname: %L_BUF_SIZE_MINUS_ONEs%\n", buf); Those seem to have been adressed upstream with commit https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a Regards, Salvatore