Bug#890548: Stack buffer overflows
Control: retitle -1 leptonlib: CVE-2018-7186: Stack buffer overflows
Control: tags -1 + patch

Hi,

On Thu, Feb 15, 2018 at 01:34:04PM -0800, Jeff Breidenbach wrote:
> This is just about strings, right? So something like this will fix the
> problem
> and resolve this bug? Or am I missing something?
>
> char buf[L_BUF_SIZE];
> - fscanf(fp, "Rootname: %s\n", buf);
> + fscanf(fp, "Rootname: %L_BUF_SIZE_MINUS_ONEs%\n", buf);

Those seem to have been addressed upstream with commit
https://github.com/DanBloomberg/leptonica/commit/ee301cb2029db8a6289c5295daa42bba7715e99a

Regards,
Salvatore

Bug#890548: Stack buffer overflows
This is just about strings, right? So something like this will fix the problem
and resolve this bug? Or am I missing something?

char buf[L_BUF_SIZE];
- fscanf(fp, "Rootname: %s\n", buf);
+ fscanf(fp, "Rootname: %L_BUF_SIZE_MINUS_ONEs%\n", buf);
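
Review bot: on the `+` line, L_BUF_SIZE_MINUS_ONE sits inside the string literal, where the preprocessor does not expand macros, so fscanf() receives the characters `%L_BUF_SIZE_MINUS_ONEs%` rather than a numeric field width and the read into buf is still not bounded by a valid conversion. The width has to appear as decimal digits in the format, for example by stringifying a numeric macro and concatenating it between "Rootname: %" and "s", and the stray `%` before `\n` should be dropped. Checking that fscanf() returns 1 would also catch a missing or malformed Rootname line.
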
Bug#890548: Stack buffer overflows
Source: leptonlib
Version: 1.74.4-2
Severity: serious
Tags: security upstream

gplotRead() and ptaReadStream() read strings into stack buffers using
fscanf() without a length limit.

Ben.

-- System Information:
Debian Release: buster/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'stable-updates'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.14.0-3-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8), LANGUAGE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
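
The following is an added example, not part of the original report and not leptonica's own code: one way to give the fscanf() string read described above a length limit, and to detect input that exceeded it. BUF_SIZE, read_rootname() and parse_line() are hypothetical names, the buffer size is an assumed value, and the input lines are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Assumed size; the page does not give the value of L_BUF_SIZE. */
#define BUF_SIZE 16
#define BUF_SIZE_MINUS_ONE 15
/* Two-level stringification turns the macro into the literal "15". */
#define STR_(x) #x
#define STR(x) STR_(x)
_Static_assert(BUF_SIZE_MINUS_ONE == BUF_SIZE - 1, "width must leave room for NUL");

/* Hypothetical reader: parses "Rootname: <token>" into out.
 * Returns 0 on success, -1 if the line does not match,
 * -2 if the token was longer than the buffer allows. */
int read_rootname(FILE *fp, char out[BUF_SIZE])
{
    int c;
    /* Adjacent literals concatenate to "Rootname: %15s". */
    if (fscanf(fp, "Rootname: %" STR(BUF_SIZE_MINUS_ONE) "s", out) != 1)
        return -1;
    /* %15s stops after 15 bytes; a non-whitespace byte next means truncation. */
    c = fgetc(fp);
    if (c != EOF && c != '\n' && c != '\r' && c != ' ' && c != '\t')
        return -2;
    return 0;
}

/* Runs read_rootname() over one constructed input line via a temp file. */
int parse_line(const char *line, char out[BUF_SIZE])
{
    FILE *fp = tmpfile();
    int rc;
    if (fp == NULL)
        return -3;
    fputs(line, fp);
    rewind(fp);
    rc = read_rootname(fp, out);
    fclose(fp);
    return rc;
}

int main(void)
{
    char buf[BUF_SIZE];
    int rc = parse_line("Rootname: plot1\n", buf);
    printf("short token: rc=%d value=%s\n", rc, buf);
    rc = parse_line("Rootname: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\n", buf);
    printf("long token:  rc=%d stored=%zu bytes\n", rc, strlen(buf));
    return 0;
}
```

Rejecting the truncated token, rather than silently accepting its first 15 bytes, keeps the leftover bytes from being parsed as the next field of the file.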