Subject: Integer overflow in the cdf_read_property_info function allows remote attackers to cause a denial of service
ID: CVE-2014-3587
Author: Christos Zoulas <christos@zoulas.com>
Date: Thu Aug 7 09:38:35 2014 +0000
Origin:
commit 0641e56be1af003aa02c7c6b0184466540637233
Debian-Author: Christoph Biedl <debian.axhn@manchmal.in-ulm.de>
Last-Update: 2014-09-07

    Prevent wrap around (Remi Collet at redhat)

--- a/src/cdf.c
+++ b/src/cdf.c
@@ -824,6 +824,10 @@ cdf_read_property_info(const cdf_stream_
 		q = (const uint8_t *)(const void *)
 		    ((const char *)(const void *)p + ofs
 		    - 2 * sizeof(uint32_t));
+		if (q < p) {
+			DPRINTF(("Wrapped around %p < %p\n", q, p));
+			goto out;
+		}
 		if (q > e) {
 			DPRINTF(("Ran of the end %p > %p\n", q, e));
 			goto out;