[Buildroot] [PATCH 1/1] package/gd: fix CVE-2021-38115
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Sun Aug 15 14:55:23 UTC 2021
On Sat, 14 Aug 2021 22:43:54 +0200
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:
> read_header_tga in gd_tga.c in the GD Graphics Library (aka LibGD)
> through 2.3.2 allows remote attackers to cause a denial of service
> (out-of-bounds read) via a crafted TGA file.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> ...-of-bands-in-reading-tga-header-file.patch | 29 +++++++++++++++++++
> package/gd/gd.mk | 3 ++
> 2 files changed, 32 insertions(+)
> create mode 100644 package/gd/0001-fix-read-out-of-bands-in-reading-tga-header-file.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com