Bug 790784 - (CVE-2017-17784) heap overread in gbr parser / load_image.
We were assuming the input name was well formed, hence was nul-terminated. As any data coming from external input, this has to be thorougly checked. Similar to commit 06d24a79 but adapted to older gimp-2-8 code.
parent
decab3bf
Please register or sign in to comment