From: Tobias Geerinckx-Rice Date: Thu, 28 Feb 2019 20:29:00 +0100 Subject: [PATCH] netpbm: Fix CVE-2017-2586. Copied verbatim from Debian[0]. [0]: https://sources.debian.org/data/main/n/netpbm-free/2:10.78.05-0.1/debian/patches/netpbm-CVE-2017-2586.patch --- diff -urNp old/converter/other/svgtopam.c new/converter/other/svgtopam.c --- old/converter/other/svgtopam.c 2017-02-08 12:11:02.593690917 +0100 +++ new/converter/other/svgtopam.c 2017-02-08 12:13:05.192846469 +0100 @@ -676,7 +676,7 @@ stringToUint(const char * const string /* TODO: move this to nstring.c */ - if (strlen(string) == 0) + if (string == NULL || strlen(string) == 0) pm_asprintf(errorP, "Value is a null string"); else { char * tailptr;