Репозитории ALT
| S: | 0.37-alt4 |
| 5.1: | 0.37-alt3.1 |
| 4.1: | 0.37-alt3.1 |
| 4.0: | 0.37-alt3.1 |
| 3.0: | 0.36.1-alt1 |
| +backports: | 0.37-alt0.M30.1 |
Другие репозитории
| Upstream: | 0.37 |
Группа :: Работа с текстами
Пакет: antiword
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: 10_fix_buffer_overflow_wordole_c.patch
Скачать
Скачать
Description: Add check for buffer overflow with malformed input files
This was later re-found and became CVE-2014-8123.
Author: <eriks@debian.org>
Bug-Debian: https://bugs.debian.org/407015
Bug-Debian: https://bugs.debian.org/771768
Forwarded: https://seclists.org/oss-sec/2014/q4/870
Last-Update: 2018-11-30
--- antiword-0.37~/wordole.c 2005-08-26 21:49:57.000000000 +0200
+++ antiword-0.37/wordole.c 2009-06-03 22:31:15.948014682 +0200
@@ -259,6 +259,10 @@
}
tNameSize = (size_t)usGetWord(0x40, aucBytes);
tNameSize = (tNameSize + 1) / 2;
+ if ( tNameSize > sizeof(atPPSlist[iIndex].szName)) {+ werr(0, "Name Size of PPS %d is too large", iIndex);
+ tNameSize = sizeof(atPPSlist[iIndex].szName);
+ }
vName2String(atPPSlist[iIndex].szName, aucBytes, tNameSize);
atPPSlist[iIndex].ucType = ucGetByte(0x42, aucBytes);
if (atPPSlist[iIndex].ucType == 5) {