libsixel 1.8.2
None
Please send email to [email protected] if you have any questions.
An issue was discovered in libsixel 1.8.2. There is an integer overflow in function sixel_decode_raw_impl at fromsixel.c:650.
img2sixel @@ -o /dev/null
In a while loop, it does not check for integer overflow in context->param = context->param * 10 + *p - '0';
context->param = context->param * 10 + *p - '0';
```c
switch (*p) {
case '\x1b':
    context->state = PS_ESC;
    p++;
    break;
case '0':
case '1':
case '2':
case '3':
case '4':
case '5':
case '6':
case '7':
case '8':
case '9':
    context->param = context->param * 10 + *p - '0';
    p++;
    break;
case ';':
    if (context->nparams < DECSIXEL_PARAMS_MAX) {
        context->params[context->nparams++] = context->param;
    }
    context->param = 0;
    p++;
    break;
default:
```
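The accumulation reported above uses signed `int` arithmetic, where overflow is undefined behaviour in C. The following is an added example, not code from the issue or from libsixel and not necessarily the fix merged in v1.8.3: a saturating version of the digit and `;` handling. `PARAM_VALUE_MAX`, `PARAMS_MAX`, `struct params`, `param_add_digit` and `parse_params` are hypothetical names chosen for illustration.

```c
#include <stdio.h>

/* Hypothetical limits chosen for this example; not libsixel's constants. */
#define PARAM_VALUE_MAX 65535
#define PARAMS_MAX 16

struct params { int v[PARAMS_MAX]; int n; };

/* Append one decimal digit, saturating at PARAM_VALUE_MAX. The bound is
 * tested before multiplying, so param * 10 + d can never overflow int. */
int param_add_digit(int param, char digit)
{
    int d = digit - '0';
    if (param > (PARAM_VALUE_MAX - d) / 10)
        return PARAM_VALUE_MAX;
    return param * 10 + d;
}

/* Walk a "n;n;n" parameter string byte by byte, like the digit and ';'
 * cases quoted above; any other byte ends parsing. Returns the count. */
int parse_params(const char *p, struct params *out)
{
    int param = 0;
    out->n = 0;
    for (; *p != '\0'; p++) {
        if (*p >= '0' && *p <= '9') {
            param = param_add_digit(param, *p);
        } else if (*p == ';') {
            if (out->n < PARAMS_MAX)
                out->v[out->n++] = param;
            param = 0;
        } else {
            break;
        }
    }
    if (out->n < PARAMS_MAX)   /* store the trailing parameter */
        out->v[out->n++] = param;
    return out->n;
}

int main(void)
{
    struct params ps;
    /* Constructed input: the middle value is far larger than INT_MAX. */
    int n = parse_params("1;99999999999999999999;3", &ps);
    for (int i = 0; i < n; i++)
        printf("param[%d] = %d\n", i, ps.v[i]);
    return 0;
}
```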
CVE-2019-19637 was assigned for this issue.
Merge PR #106, includes security fixes for:
93812d6
- CVE-2018-19759 (#102)
- CVE-2019-19635 (#103)
- CVE-2019-19636 (#104)
- CVE-2019-19637 (#105)

Thanks to @YourButterfly!
Merged your PR on v1.8.3. Thanks!