Processing a specially crafted PDF file or JBIG2 image could lead to a crash or the execution of arbitrary code. Poppler prior to and including 22.08.0 contains an integer overflow in the JBIG2 decoder (JBIG2Stream::readTextRegionSeg() in ). After that, because it is used as the third argument to copy_from_user(), a heap overflow may occur. In pxa3xx_gcu_write in drivers/video/fbdev/pxa3xx-gcu.c, the count parameter has a type conflict of size_t versus int, causing an integer overflow and bypassing the size check. GNU oSIP v5.3.0 was discovered to contain an integer overflow via the component osip_body_parse_header.Īn issue was discovered in the Linux kernel before 5.19.
0 Comments
Leave a Reply. |