Similar vulnerable functions related to CVE-2017-14041

[YangY-Xiao]

There are two functions similar to vulnerable function with id CVE-2017-14041 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14041 with issue id (#997 ).

Below is the patch for CVE-2017-14041.
e528531

Below are two functions that similar to the vulnerable function.

1. src/bin/jp3d/convert.c (pgxtovolume)

    for (s = 0; s < sliceno; s++) {
        int pos = maxslice == sliceno ? s : pgxslicepos[s];
        f = fopen(pgxfiles[pos], "rb");
        if (!f) {
            fprintf(stdout, "[ERROR] Failed to open %s for reading !\n", pgxfiles[s]);
            return NULL;
        }    
        fprintf(stdout, "[INFO] Loading %s \n", pgxfiles[pos]);

        fseek(f, 0, SEEK_SET);
        fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1, &endian2,
               signtmp, &prec, temp, &w, temp, &h); 

        i = 0; 
        sign = '+'; 
        while (signtmp[i] != '\0') {
            if (signtmp[i] == '-') {
                sign = '-'; 
            }    
            i++; 
        }

2. src/bin/jpwl/convert.c (pgxtoimage)

    fseek(f, 0, SEEK_SET);
    if (fscanf(f, "PG%[ \t]%c%c%[ \t+-]%d%[ \t]%d%[ \t]%d", temp, &endian1,
               &endian2, signtmp, &prec, temp, &w, temp, &h) != 9) { 
        fprintf(stderr,
                "ERROR: Failed to read the right number of element from the fscanf() function!\n");
        fclose(f);
        return NULL;
    }

I think there are vulnerabilities in those two functions, too. Therefore, there should be patches for those two functions.

[hlef]

Assigned CVE-2017-17480. I have submitted a PR addressing this issue.

[eslerm]

Vulnerability in pgxtoimage function was assigned CVE-2017-17479.

Vulnerability in pgxtovolume function was assigned CVE-2017-17480.