On Thu, Aug 29, 2019 at 06:19:45PM +0800, Hung-Te Lin wrote:
> The VPD implementation from Chromium Vital Product Data project used to
> parse data from untrusted input without checking if there is invalid
> data (for example the if the size becomes negative, or larger than whole
> input buffer), w
The VPD implementation from Chromium Vital Product Data project used to
parse data from untrusted input without checking if there is invalid
data (for example the if the size becomes negative, or larger than whole
input buffer), which may cause buffer overflow on corrupted data.
To fix that, the u
2 matches
Mail list logo
