there is a potential integer overflow in the validation code that could render the whole validation useless. (img->ysize * 3) on itself could overflow.
The text was updated successfully, but these errors were encountered:
The maximum dimensions of an image are 2^27-1, so it is impossible for "img->ysize * 3" to overflow a 32-bit integer. See the range checks prior to the buffer size check...
michaelrsweet commentedOct 17, 2008
Version: 1.3.9
CUPS.org User: iljavs
in _cupsImageReadPNG() the following calculation is made:
there is a potential integer overflow in the validation code that could render the whole validation useless. (img->ysize * 3) on itself could overflow.
The text was updated successfully, but these errors were encountered: