Package: libimlib2-dev Version: 1.4.0-1.1 Tags: security Followup-For: Bug #505714
This is another buffer overflow in the XPM loader. (The xpm attached to this bug report is a 32x32 image according to the header, but contains 33x32 pixels.) --- a/src/modules/loaders/loader_xpm.c +++ b/src/modules/loaders/loader_xpm.c @@ -246,8 +246,8 @@ return 0; } ptr = im->data; - end = ptr + (sizeof(DATA32) * w * h); pixels = w * h; + end = ptr + pixels; } else { -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]