CHANGES-1.3.txt
---------------
+CHANGES IN CUPS V1.3.10
+
+ - SECURITY: The PNG image reading code did not validate the
+ image size properly, leading to a potential buffer overflow
+ (STR #2974)
+
+
CHANGES IN CUPS V1.3.9
- SECURITY: The HP-GL/2 filter did not range check pen numbers
{
bufsize = img->xsize * img->ysize;
- if ((bufsize / img->ysize) != img->xsize)
+ if ((bufsize / img->xsize) != img->ysize)
{
fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
(unsigned)width, (unsigned)height);
{
bufsize = img->xsize * img->ysize * 3;
- if ((bufsize / (img->ysize * 3)) != img->xsize)
+ if ((bufsize / (img->xsize * 3)) != img->ysize)
{
fprintf(stderr, "DEBUG: PNG image dimensions (%ux%u) too large!\n",
(unsigned)width, (unsigned)height);