packages/ghostscript
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!39 fix CVE-2023-38559

Browse Source 
From: @li_ning_jie 
Reviewed-by: @licihua 
Signed-off-by: @licihua
This commit is contained in:
openeuler-ci-bot 2023-08-18 03:20:57 +00:00 committed by Gitee
commit 957e99bde0
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
CVE-2023-38559.patch Normal file
View File

@ -0,0 +1,27 @@
From d81b82c70bc1fb9991bb95f1201abb5dea55f57f Mon Sep 17 00:00:00 2001
From: Chris Liddell <chris.liddell@artifex.com>
Date: Mon, 17 Jul 2023 14:06:37 +0100
Subject: [PATCH] Bug 706897: Copy pcx buffer overrun fix from
devices/gdevpcx.c
Bounds check the buffer, before dereferencing the pointer.
---
base/gdevdevn.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/base/gdevdevn.c b/base/gdevdevn.c
index 7b14d9c71..6351fb77a 100644
--- a/base/gdevdevn.c
+++ b/base/gdevdevn.c
@@ -1983,7 +1983,7 @@ devn_pcx_write_rle(const byte * from, const byte * end, int step, gp_file * file
byte data = *from;
from += step;
- if (data != *from || from == end) {
+ if (from >= end || data != *from) {
if (data >= 0xc0)
gp_fputc(0xc1, file);
} else {
--
2.41.0.windows.3

9
ghostscript.spec
View File

@ -9,7 +9,7 @@
Name: ghostscript
Version: 9.52
Release: 7
Release: 8
Summary: An interpreter for PostScript and PDF files
License: AGPLv3+
URL: https://ghostscript.com/
@ -49,6 +49,7 @@ Patch30: backport-CVE-2021-45949.patch
Patch31: backport-Fix-pdfwrite-d-mode-with-file-permissions.patch
Patch32: backport-Coverity-361429-move-break-to-correct-place.patch
Patch33: backport-CVE-2021-3781-BUg-704342-Include-device-specifier-strings-in-acces.patch
Patch34: CVE-2023-38559.patch
BuildRequires: automake gcc
BuildRequires: adobe-mappings-cmap-devel adobe-mappings-pdf-devel
@ -209,6 +210,12 @@ install -m 0755 -d %{buildroot}%{_datadir}/%{name}/conf.d/
%{_bindir}/dvipdf
%changelog
* Tue Aug 15 2023 liningjie <liningjie@xfusion.com> - 9.52-8
- Type:CVE
- ID:CVE-2023-38559
- SUG:NA
- DESC:fix CVE-2023-38559
* Tue Mar 1 2022 yangzhuangzhuang <yangzhuangzhuang1@h-partners.com> - 9.52-7
- Type:CVE
- ID:CVE-2021-3781