From 244c227090d612d99fc978380bfaefd80b02a4e4 Mon Sep 17 00:00:00 2001
From: "erikdervishi.edu@gmail.com"
Date: Thu, 15 Jan 2026 00:40:59 +0100
Subject: [PATCH 1/2] fix: resolve stack overflow vulnerability in Embedder.cc
---
 src/Embedder.cc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/Embedder.cc b/src/Embedder.cc
index 25f748e..75d5d2a 100644
--- a/src/Embedder.cc
+++ b/src/Embedder.cc
@@ -157,7 +157,7 @@ void Embedder::embed ()
 cvrstring = "\"" + Args.CvrFn.getValue() + "\"" ;
 }
 char buf[200] ;
- sprintf (buf, _("embedding %s in %s..."), embstring.c_str(), cvrstring.c_str()) ;
+ snprintf(buf, sizeof(buf), _("embedding %s in %s..."), embstring.c_str(), cvrstring.c_str());
 prout = new ProgressOutput (std::string(buf)) ;
 }
 
From 43781df690ced9e399ad447c747eb164ca142433 Mon Sep 17 00:00:00 2001
From: "erikdervishi.edu@gmail.com"
Date: Thu, 15 Jan 2026 12:14:55 +0100
Subject: [PATCH 2/2] Fix for DoS via Memory Exhaustion (CWE-770)
---
 src/BmpFile.cc | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/src/BmpFile.cc b/src/BmpFile.cc
index ae0e93b..010573e 100644
--- a/src/BmpFile.cc
+++ b/src/BmpFile.cc
@@ -765,6 +765,16 @@ void BmpFile::readdata ()
 paddinglength = 4 - (linelength % 4) ;
 }
 
+ unsigned long long total_bytes_needed = (unsigned long long)height * (unsigned long long)linelength;
+
+ const unsigned long long MAX_ALLOWED_BYTES = 500ULL * 1024ULL * 1024ULL;
+
+ if (total_bytes_needed > MAX_ALLOWED_BYTES) {
+ fprintf(stderr, "[!] SECURITY ERROR: BMP file requires %llu bytes, which exceeds the limit of %llu bytes.\n", total_bytes_needed, MAX_ALLOWED_BYTES);
+ fprintf(stderr, "[!] Execution aborted to prevent Memory Exhaustion/DoS.\n");
+ exit(1);
+ }
+
 BitmapData.resize (height * linelength) ;
 for (unsigned long line = 0 ; line < height ; line++) {
 for (unsigned long posinline = 0 ; posinline < linelength ; posinline++) {
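Review bot: The return value of the new `snprintf` call in the `src/Embedder.cc` hunk is discarded, so a long `Args.CvrFn` value that pushes the message past 199 bytes is now cut off silently, possibly in the middle of a multi-byte character, instead of overflowing `buf`. Because the result is copied into a `std::string` on the next line anyway, the fixed 200-byte buffer could be dropped by sizing the string from a first `snprintf(nullptr, 0, ...)` pass, or truncation could at least be detected with `int n = snprintf(buf, sizeof(buf), ...); if (n < 0 || static_cast<size_t>(n) >= sizeof(buf)) { /* message truncated */ }`. The format string still comes from the translation catalog through `_()`, so the size bound does not protect against a catalog entry whose conversions do not match the two `%s` arguments; a comment stating that catalogs are trusted build artefacts would record that assumption. The new line also departs from the `name (args) ;` spacing of the surrounding lines. `Embedder::embed` begins before this hunk.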
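Review bot: The new guard in the `src/BmpFile.cc` hunk terminates the process with `exit(1)` from inside `BmpFile::readdata`, which skips the destructors of every object on the stack and leaves callers no way to report or recover; if the file reports other malformed-BMP conditions by throwing, the oversized case should use that same error path instead of `fprintf` plus `exit`. The two messages are hard-coded English, while the other patch in this series shows user-facing strings passing through `_()`. The product is also computed without an overflow check: if `height` and `linelength` are already 64-bit (their declarations are outside the hunk) the casts widen nothing and a wrapped product would pass the limit, so the division form `if (height != 0 && linelength > MAX_ALLOWED_BYTES / height)` is the safer comparison. The context line `BitmapData.resize (height * linelength)` still recomputes the product rather than using the value that was checked. `readdata` begins before this hunk and continues after it.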