summaryrefslogtreecommitdiff
path: root/media-libs/libcue/files/CVE-2023-43641.patch
diff options
context:
space:
mode:
Diffstat (limited to 'media-libs/libcue/files/CVE-2023-43641.patch')
-rw-r--r--media-libs/libcue/files/CVE-2023-43641.patch15
1 files changed, 15 insertions, 0 deletions
diff --git a/media-libs/libcue/files/CVE-2023-43641.patch b/media-libs/libcue/files/CVE-2023-43641.patch
new file mode 100644
index 000000000000..b94de663aaa0
--- /dev/null
+++ b/media-libs/libcue/files/CVE-2023-43641.patch
@@ -0,0 +1,15 @@
+https://github.blog/2023-10-09-coordinated-disclosure-1-click-rce-on-gnome-cve-2023-43641/
+
+diff --git a/cd.c b/cd.c
+index cf77a18..4bbea19 100644
+--- a/cd.c
++++ b/cd.c
+@@ -339,7 +339,7 @@ track_get_rem(const Track* track)
+
+ void track_set_index(Track *track, int i, long ind)
+ {
+- if (i > MAXINDEX) {
++ if (i < 0 || i > MAXINDEX) {
+ fprintf(stderr, "too many indexes\n");
+ return;
+ }
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-07 10:58:29 +0000