When converting pbm files using g3/pbm2g3.c, out of bounds accesses can occur with malformed input files in putwhitespan(). References: https://www.x41-dsec.de/lab/advisories/x41-2018-007-mgetty
Created mgetty tracking bugs for this issue: Affects: fedora-all [bug 1629986]
The main function in g3/pbm2g3.c does not check whether the `xsize` and `ysize` variables are negative, which results in an out-of-bounds read in putwhitespan() when called from convert_pbm().
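The missing check described in the comment above, sketched as an added example; it is not mgetty's code and not the upstream patch. It validates a raw PBM (P4) header held in memory before any size is used for indexing; `pbm_check_header`, `read_dim`, `skip_ws` and the `PBM_MAX_DIM` cap are hypothetical names and values chosen for this example.

```c
#include <ctype.h>
#include <stddef.h>

#define PBM_MAX_DIM 65535L /* assumed upper bound for this example */

/* Skip whitespace and '#' comment lines in a PBM header. */
static size_t skip_ws(const unsigned char *b, size_t len, size_t i)
{
    while (i < len) {
        if (b[i] == '#') { while (i < len && b[i] != '\n') i++; }
        else if (isspace(b[i])) i++;
        else break;
    }
    return i;
}

/* Read an unsigned decimal field; a '-' sign, zero or overflow is an error. */
static int read_dim(const unsigned char *b, size_t len, size_t *i, long *out)
{
    long v = 0;
    size_t start = skip_ws(b, len, *i);
    *i = start;
    while (*i < len && isdigit(b[*i])) {
        v = v * 10 + (b[*i] - '0');
        if (v > PBM_MAX_DIM) return -1;  /* reject before long can overflow */
        (*i)++;
    }
    if (*i == start || v < 1) return -1; /* no digits (e.g. "-1") or zero */
    *out = v;
    return 0;
}

/* Validate a raw PBM (P4) image held in memory.
 * Returns 0 and sets width, height and data offset; -1 if the header is unsafe. */
int pbm_check_header(const unsigned char *b, size_t len,
                     long *w, long *h, size_t *data_off)
{
    size_t i = 2, need;
    if (len < 3 || b[0] != 'P' || b[1] != '4') return -1;
    if (read_dim(b, len, &i, w) || read_dim(b, len, &i, h)) return -1;
    if (i >= len || !isspace(b[i])) return -1;  /* one separator before data */
    i++;
    need = (size_t)((*w + 7) / 8) * (size_t)*h; /* rows are padded to whole bytes */
    if (len - i < need) return -1;              /* truncated pixel data */
    *data_off = i;
    return 0;
}
```

Parsing digits only means a negative size never reaches a signed variable, and the length check ties the declared dimensions to the bytes actually present.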
Created attachment 1486347: upstream patch. This patch was extracted from mgetty-1.2.1.
Closing as NOTABUG as it was not deemed to be CVE-worthy.
mgetty-1.1.37-10.fc28 has been pushed to the Fedora 28 stable repository. If problems still persist, please make note of it in this bug report.
mgetty-1.1.37-11.fc29 has been pushed to the Fedora 29 stable repository. If problems still persist, please make note of it in this bug report.