packages/GraphicsMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
GraphicsMagick/CVE-2019-12921.patch
maminjie 45c8317c00 fix some CVEs 
CVE-2018-18544
CVE-2019-7397
CVE-2019-11005
CVE-2019-11006
CVE-2019-11010
CVE-2019-12921
CVE-2020-10938
CVE-2020-12672
2020-09-19 18:21:55 +08:00

40 lines
1.3 KiB
Diff
Raw Blame History

From 1b5507f188dd0cd76099348c5f151a8ba61a812d Mon Sep 17 00:00:00 2001
From: maminjie <maminjie1@huawei.com>
Date: Sat, 19 Sep 2020 16:39:22 +0800
Subject: [PATCH] fix CVE-2019-12921
the text filename component potentially allows to read arbitrary files via TranslateTextEx for SVG
refers to https://build.opensuse.org/request/show/788214
---
magick/render.c | 11 ++++++++---
1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/magick/render.c b/magick/render.c
index 3caf603..75bbe2f 100644
--- a/magick/render.c
+++ b/magick/render.c
@@ -2360,11 +2360,16 @@ DrawImage(Image *image,const DrawInfo *draw_info)
if (*draw_info->primitive == '\0')
return(MagickFail);
(void) LogMagickEvent(RenderEvent,GetMagickModule(),"begin draw-image");
- if (*draw_info->primitive != '@')
- primitive=AllocateString(draw_info->primitive);
- else
+ /*
+ Read primitive from file if supplied primitive starts with '@' and
+ we are not already drawing.
+ */
+ if ((*draw_info->primitive == '@') &&
+ (DrawImageGetCurrentRecurseLevel(image) == 1))
primitive=(char *)
FileToBlob(draw_info->primitive+1,&length,&image->exception);
+ else
+ primitive=AllocateString(draw_info->primitive);
if (primitive == (char *) NULL)
return(MagickFail);
primitive_extent=strlen(primitive);
--
2.23.0
Reference in New Issue View Git Blame Copy Permalink