packages/GraphicsMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2022-1270

Browse Source 
(cherry picked from commit 1415a297ec393a54ba6bd173d13940c2be8a9be2)
This commit is contained in:
houyingchao 2022-07-11 16:43:33 +08:00 committed by openeuler-sync-bot
parent b2ba8b1918
commit c05343b5b5
2 changed files with 94 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

89
CVE-2022-1270.patch Normal file
View File

@ -0,0 +1,89 @@
# HG changeset patch
# User Bob Friesenhahn <bfriesen@GraphicsMagick.org>
# Date 1648301533 18000
# Node ID 94f4bcf448ad29d6d8470e444038402d34fbba12
# Parent 07c1e6eeffb8cb2abb9ede843a45ba7e5435b3b0
ReadMIFFImage(): Validate claimed bzip2-compressed row length prior to reading data into fixed size buffer.
---
ChangeLog | 7 +++++++
coders/miff.c | 11 +++++++++++
magick/version.h | 2 ++
www/Changelog.html | 7 +++++++
4 files changed, 27 insertions(+)
diff --git a/ChangeLog b/ChangeLog
index a89c828..5116ad0 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,10 @@
+2022-03-26 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
+ * coders/miff.c (ReadMIFFImage): Validate claimed bzip2-compressed
+ row length prior to reading data into fixed size buffer.
+ Addresses SourceForge bug #664 "[bug]Heap buffer overflow when
+ parsing MIFF". This severe bug only impacts builds with BZLIB
+ support.
+
2019-04-17 Bob Friesenhahn <bfriesen@simple.dallas.tx.us>
* coders/xwd.c (ReadXWDImage): Added even more XWD header
validation logic. Addresses problems noted by email from Hongxu
diff --git a/coders/miff.c b/coders/miff.c
index 00813c4..9149a15 100644
--- a/coders/miff.c
+++ b/coders/miff.c
@@ -1674,9 +1674,20 @@ static Image *ReadMIFFImage(const ImageInfo *image_info,
else
{
length=ReadBlobMSBLong(image);
+ if (image->logging)
+ (void) LogMagickEvent(CoderEvent,GetMagickModule(),
+ "length = %"MAGICK_SIZE_T_F"u",
+ (MAGICK_SIZE_T) length);
+ if ((length == 0) || (length > compressed_length))
+ {
+ (void) BZ2_bzDecompressEnd(&bzip_info);
+ ThrowMIFFReaderException(CorruptImageError,UnableToUncompressImage,
+ image);
+ }
bzip_info.avail_in=(unsigned int) ReadBlob(image,length,bzip_info.next_in);
if ((size_t) bzip_info.avail_in != length)
{
+ (void) BZ2_bzDecompressEnd(&bzip_info);
ThrowMIFFReaderException(CorruptImageError,UnexpectedEndOfFile,
image);
}
diff --git a/magick/version.h b/magick/version.h
index a9e0dca..1e17abc 100644
--- a/magick/version.h
+++ b/magick/version.h
@@ -40,6 +40,8 @@ extern "C" {
#define MagickLibVersionNumber 21,18,1
#define MagickChangeDate "20190417"
#define MagickReleaseDate "snapshot-20190417"
+#define MagickChangeDate "20220326"
+#define MagickReleaseDate "snapshot-20220326"
/*
The MagickLibInterfaceNewest and MagickLibInterfaceOldest defines
diff --git a/www/Changelog.html b/www/Changelog.html
index e5a21da..5ec8096 100644
--- a/www/Changelog.html
+++ b/www/Changelog.html
@@ -34,6 +34,13 @@
</div>
<div class="document">
+<p>2022-03-26 Bob Friesenhahn &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
+<blockquote>
+* coders/miff.c (ReadMIFFImage): Validate claimed bzip2-compressed
+row length prior to reading data into fixed size buffer.
+Addresses SourceForge bug #664 &quot;[bug]Heap buffer overflow when
+parsing MIFF&quot;. This severe bug only impacts builds with BZLIB
+support.</blockquote>
<p>2019-04-17 Bob Friesenhahn &lt;<a class="reference external" href="mailto:bfriesen&#37;&#52;&#48;simple&#46;dallas&#46;tx&#46;us">bfriesen<span>&#64;</span>simple<span>&#46;</span>dallas<span>&#46;</span>tx<span>&#46;</span>us</a>&gt;</p>
<blockquote>
<ul class="simple">
--
2.23.0

6
GraphicsMagick.spec
View File

@ -10,7 +10,7 @@
Name: GraphicsMagick
Version: 1.3.30
Release: 8
Release: 9
Summary: Derived from ImageMagick, providing faster image generation speed and better quality
License: MIT
Source0: http://downloads.sourceforge.net/sourceforge/graphicsmagick/GraphicsMagick-%{version}.tar.xz
@ -32,6 +32,7 @@ Patch0012: CVE-2019-12921.patch
Patch0013: CVE-2020-10938.patch
Patch0014: CVE-2020-12672.patch
Patch0015: CVE-2019-11473-CVE-2019-11474.patch
Patch0016: CVE-2022-1270.patch
BuildRequires: bzip2-devel freetype-devel gcc-c++ giflib-devel lcms2-devel libjpeg-devel
BuildRequires: libpng-devel librsvg2-devel libtiff-devel libtool-ltdl-devel libxml2-devel lpr
@ -230,6 +231,9 @@ time %make_build check ||:
%changelog
* Mon Jul 11 2022 houyingchao <houyingchao@h-partners.com> - 1.3.30-9
- Fix CVE-2022-1270
* Mon Dec 07 2020 caodongxia <caodongxia@huawei.com> - 1.3.30-8
- fix CVE-2019-11473 CVE-2019-11474