Fix CVE-2023-3428
(cherry picked from commit 67954f75f88ee3ff9894a01371edfa92a7c23000)
This commit is contained in:
wk333
openeuler-sync-bot
parent
64461435bc
commit
6df0c43b52
25
CVE-2023-3428.patch
Normal file
25
CVE-2023-3428.patch
Normal file
@ -0,0 +1,25 @@
|
||||
From 0d00400727170b0540a355a1bc52787bc7bcdea5 Mon Sep 17 00:00:00 2001
|
||||
From: Cristy <urban-warrior@imagemagick.org>
|
||||
Date: Mon, 26 Jun 2023 19:39:43 -0400
|
||||
Subject: [PATCH] heap-buffer-overflow in ImageMagick <= 7.1.1-12, contributed
|
||||
by Hardik shah of Vehere (Dawn Treaders team)
|
||||
|
||||
Origin: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5
|
||||
|
||||
---
|
||||
coders/tiff.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/coders/tiff.c b/coders/tiff.c
|
||||
index d6a818644..9b0d16d59 100644
|
||||
--- a/coders/tiff.c
|
||||
+++ b/coders/tiff.c
|
||||
@@ -1917,7 +1917,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
|
||||
number_pixels=(MagickSizeType) columns*rows;
|
||||
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
|
||||
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
|
||||
- extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
|
||||
+ extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff),
|
||||
TIFFTileSize(tiff));
|
||||
tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
|
||||
sizeof(*tile_pixels));
|
||||
@ -1,12 +1,13 @@
|
||||
Name: ImageMagick
|
||||
Epoch: 1
|
||||
Version: 6.9.12.86
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: Create, edit, compose, or convert bitmap images
|
||||
License: ImageMagick and MIT
|
||||
Url: http://www.imagemagick.org/
|
||||
Source0: https://www.imagemagick.org/download/ImageMagick-6.9.12-86.tar.xz
|
||||
Patch0: CVE-2023-34151.patch
|
||||
Patch1: CVE-2023-3428.patch
|
||||
|
||||
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
|
||||
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
|
||||
@ -164,6 +165,9 @@ rm PerlMagick/demo/Generic.ttf
|
||||
%{_libdir}/pkgconfig/ImageMagick++*
|
||||
|
||||
%changelog
|
||||
* Mon Jul 24 2023 wangkai <13474090681@163.com> - 1:6.9.12.86-3
|
||||
- Fix CVE-2023-3428
|
||||
|
||||
* Thu Jun 08 2023 wangkai <13474090681@163.com> - 1:6.9.12.86-2
|
||||
- Fix CVE-2023-34151
|
||||
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user