Naive me! The fscanf() function is able to read in all sorts of garbage.
Really, this issue points to a bigger problem. A lot more checks have to
be added to sanitize input, both in read.c and read1_3.c. Nevertheless,
here is a patch that solves the specific issue reported here and the
related on
Thomas Loimer wrote on Wednesday, 08 November 2017:
> thank you for the bug report. This specific issue is quite easy to
> resolve, since the position in the code where this bug is triggered
> is indicated,
I'm happy to receive a patch or an update :-)
> Do you know, in which way fig2dev i
Package: fig2dev
Version: 1:3.2.6a-4
Severity: important
Tags: security
out of bound read while running fig2dev with -L tikz option
Running 'fig2dev -L tikz poc' with the attached file raises out of bound read bug
which may allow a remote attack to cause a denial-of-service attack or
informatio