diff options
author | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-04-13 12:27:10 -0700 |
---|---|---|
committer | Alan Coopersmith <alan.coopersmith@oracle.com> | 2013-05-04 19:05:02 -0700 |
commit | 5dcfa6a8cf2df39828da733e5945e730518c27b3 (patch) | |
tree | 3b2c8058bef05c3bb1b8315aeed94d33838e7115 /man/XDGAOpenFramebuffer.man | |
parent | f4a8dd63af518640468d82948f450aad4b2b1e6a (diff) |
buffer overflow in XDGAQueryModes() [CVE-2013-2000 1/2]
When reading the name strings for the modes off the network, we never
checked to make sure the length of the individual name strings didn't
overflow the size of the buffer we'd allocated based on the reported
rep.length for the total reply size.
Reported-by: Ilja Van Sprundel <ivansprundel@ioactive.com>
Signed-off-by: Alan Coopersmith <alan.coopersmith@oracle.com>
Diffstat (limited to 'man/XDGAOpenFramebuffer.man')
0 files changed, 0 insertions, 0 deletions