Fix CVE-2023-5341

(cherry picked from commit d747ae558752842905189b21b2f0fab825cadd76)
2023-10-07 10:52:42 +08:00 · 2023-10-07 10:52:42 +08:00 · 64afdf3b42
commit 64afdf3b42
parent 8da97a2f31
2 changed files with 32 additions and 1 deletions
--- a/CVE-2023-5341.patch
+++ b/CVE-2023-5341.patch
@ -0,0 +1,27 @@
+From 27411f1d1d3a0b328cede4a808525ee237cb415b Mon Sep 17 00:00:00 2001
+From: Cristy <urban-warrior@imagemagick.org>
+Date: Sat, 7 Oct 2023 10:48:39 +0800
+Subject: [PATCH] check for BMP file size, poc provided by Hardik Shah of
+ Vehere (Dawn Treaders team)
+
+---
+ coders/bmp.c | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/coders/bmp.c b/coders/bmp.c
+index 6f9b57b..5e6dac3 100644
+--- a/coders/bmp.c
+++ b/coders/bmp.c
+@@ -635,6 +635,9 @@ static Image *ReadBMPImage(const ImageInfo *image_info,ExceptionInfo *exception)
+         "  BMP header size: %u",bmp_info.size);
+     if (bmp_info.size > 124)
+       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+    if ((bmp_info.file_size != 0) &&
+        ((MagickSizeType) bmp_info.file_size > GetBlobSize(image)))
+      ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+     if (bmp_info.offset_bits < bmp_info.size)
+       ThrowReaderException(CorruptImageError,"ImproperImageHeader");
+     profile_data=0;
+-- 
+2.27.0
+
--- a/ImageMagick.spec
+++ b/ImageMagick.spec
@ -1,7 +1,7 @@
 Name:           ImageMagick
 Epoch:          1
 Version:        6.9.12.86
-Release:        4
+Release:        5
 Summary:        Create, edit, compose, or convert bitmap images
 License:        ImageMagick and MIT
 Url:            http://www.imagemagick.org/
@ -9,6 +9,7 @@ Source0:        https://www.imagemagick.org/download/ImageMagick-6.9.12-86.tar.x
 Patch0:         CVE-2023-34151.patch
 Patch1:         CVE-2023-3428.patch
 Patch2:         CVE-2023-39978.patch
+Patch3:         CVE-2023-5341.patch

 BuildRequires:  bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
 BuildRequires:  libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -166,6 +167,9 @@ rm PerlMagick/demo/Generic.ttf
 %{_libdir}/pkgconfig/ImageMagick++*

 %changelog
+* Sat Oct 7 2023 liningjie <liningjie@xfusion.com> - 1:6.9.12.86-5
+- Fix CVE-2023-5341
+
 * Mon Aug 14 2023 wangkai <13474090681@163.com> - 1:6.9.12.86-4
 - Fix CVE-2023-39978