Closed
Description
There are two functions similar to vulnerable function with id CVE-2017-14041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041 with issue id (#997 ).
Below is the patch for CVE-2017-14041.
e528531

Below are two functions that similar to the vulnerable function.
- src/bin/jp3d/convert.c (pgxtovolume)
for (s = 0; s < sliceno; s++) {
int pos = maxslice == sliceno ? s : pgxslicepos[s];
f = fopen(pgxfiles[pos], "rb");
if (!f) {
fprintf(stdout, "[ERROR] Failed to open %s for reading !\n", pgxfiles[s]);
return NULL;
}
fprintf(stdout, "[INFO] Loading %s \n", pgxfiles[pos]);
fseek(f, 0, SEEK_SET);
fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, &endian2,
signtmp, &prec, temp, &w, temp, &h);
i = 0;
sign = '+';
while (signtmp[i] != '\0') {
if (signtmp[i] == '-') {
sign = '-';
}
i++;
}
- src/bin/jpwl/convert.c (pgxtoimage)
fseek(f, 0, SEEK_SET);
if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
&endian2, signtmp, &prec, temp, &w, temp, &h) != 9) {
fprintf(stderr,
"ERROR: Failed to read the right number of element from the fscanf() function!\n");
fclose(f);
return NULL;
}
I think there are vulnerabilities in those two functions, too. Therefore, there should be patches for those two functions.
Metadata
Metadata
Assignees
Labels
No labels

