Page MenuHome

Fix buffer overflows in TIFF, PNG, IRIS, DPX, HDR and AVI loading.
ClosedPublic

Authored by Brecht Van Lommel (brecht) on Jan 14 2018, 4:41 PM.

Details

Summary

Solves these security issues from T52924:
CVE-2017-2899
CVE-2017-2900
CVE-2017-2901
CVE-2017-2902
CVE-2017-2903
CVE-2017-2904
CVE-2017-2905
CVE-2017-2906
CVE-2017-2907
CVE-2017-2918

These should be all issues that do not involve a specially crafted .blend file.
However the fixes have not been verified, since the repro cases do not appear
to be publicly available yet.

Diff Detail

Repository
rB Blender

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Jan 17 2018, 8:30 PM
This revision was automatically updated to reflect the committed changes.