packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!190 [sync] PR-188: Fix CVE-2023-3428

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @wang--ge 
Signed-off-by: @wang--ge
This commit is contained in:
openeuler-ci-bot 2023-07-25 00:57:40 +00:00 committed by Gitee
commit 82ecaf8780
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 30 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CVE-2023-3428.patch Normal file
View File

@ -0,0 +1,25 @@
From 0d00400727170b0540a355a1bc52787bc7bcdea5 Mon Sep 17 00:00:00 2001
From: Cristy <urban-warrior@imagemagick.org>
Date: Mon, 26 Jun 2023 19:39:43 -0400
Subject: [PATCH] heap-buffer-overflow in ImageMagick <= 7.1.1-12, contributed
by Hardik shah of Vehere (Dawn Treaders team)
Origin: https://github.com/ImageMagick/ImageMagick6/commit/0d00400727170b0540a355a1bc52787bc7bcdea5
---
coders/tiff.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/coders/tiff.c b/coders/tiff.c
index d6a818644..9b0d16d59 100644
--- a/coders/tiff.c
+++ b/coders/tiff.c
@@ -1917,7 +1917,7 @@ static Image *ReadTIFFImage(const ImageInfo *image_info,
number_pixels=(MagickSizeType) columns*rows;
if (HeapOverflowSanityCheck(rows,sizeof(*tile_pixels)) != MagickFalse)
ThrowTIFFException(ResourceLimitError,"MemoryAllocationFailed");
- extent=4*(samples_per_pixel+1)*MagickMax(rows*TIFFTileRowSize(tiff),
+ extent=4*(samples_per_pixel+1)*MagickMax((rows+1)*TIFFTileRowSize(tiff),
TIFFTileSize(tiff));
tile_pixels=(unsigned char *) AcquireQuantumMemory(extent,
sizeof(*tile_pixels));

6
ImageMagick.spec
View File

@ -1,12 +1,13 @@
Name: ImageMagick Name: ImageMagick
Epoch: 1 Epoch: 1
Version: 6.9.12.86 Version: 6.9.12.86
Release: 2 Release: 3
Summary: Create, edit, compose, or convert bitmap images Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT License: ImageMagick and MIT
Url: http://www.imagemagick.org/ Url: http://www.imagemagick.org/
Source0: https://www.imagemagick.org/download/ImageMagick-6.9.12-86.tar.xz Source0: https://www.imagemagick.org/download/ImageMagick-6.9.12-86.tar.xz
Patch0: CVE-2023-34151.patch Patch0: CVE-2023-34151.patch
Patch1: CVE-2023-3428.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -164,6 +165,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick++* %{_libdir}/pkgconfig/ImageMagick++*
%changelog %changelog
* Mon Jul 24 2023 wangkai <13474090681@163.com> - 1:6.9.12.86-3
- Fix CVE-2023-3428
* Thu Jun 08 2023 wangkai <13474090681@163.com> - 1:6.9.12.86-2 * Thu Jun 08 2023 wangkai <13474090681@163.com> - 1:6.9.12.86-2
- Fix CVE-2023-34151 - Fix CVE-2023-34151