packages/ImageMagick
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2022-32547

Browse Source 
(cherry picked from commit 262428f70ef10dbb0662b45eaf8f46090c1337e0)
This commit is contained in:
starlet-dx 2022-11-22 18:06:55 +08:00 committed by openeuler-sync-bot
parent 00a411c4bb
commit 0abdc1d4f5
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
CVE-2022-32547.patch Normal file
View File

@ -0,0 +1,43 @@
From eac8ce4d873f28bb6a46aa3a662fb196b49b95d0 Mon Sep 17 00:00:00 2001
From: xiaoxiaoafeifei <lliangliang2007@163.com>
Date: Sat, 9 Apr 2022 20:34:03 +0800
Subject: [PATCH] fix #5033: runtime error: load of misaligned address (#5034)
* fix Division by zero in XMenuWidget() of MagickCore/widget.c
* Fix memory leak in AnimateImageCommand() of MagickWand/animate.c and DisplayImageCommand() of MagickWand/display.c
* fix Division by zero in ReadEnhMetaFile() of coders/emf.c
* Resolve conflicts
* fix issue: outside the range of representable values of type 'unsigned char' at coders/psd.c:1025
* fix error: 4e+26 is outside the range of representable values of type 'unsigned long' at coders/pcl.c:299
* fix #5033:runtime error: load of misaligned address
Co-authored-by: zhailiangliang <zhailiangliang@loongson.cn>
---
MagickCore/property.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/MagickCore/property.c b/MagickCore/property.c
index 8175dd1f73..6e72cac157 100644
--- a/MagickCore/property.c
+++ b/MagickCore/property.c
@@ -1545,12 +1545,12 @@ static MagickBooleanType GetEXIFProperty(const Image *image,
}
case EXIF_FMT_SINGLE:
{
- EXIFMultipleValues(4,"%f",(double) *(float *) p1);
+ EXIFMultipleValues(4,"%f",(double)ReadPropertySignedLong(endian,p1));
break;
}
case EXIF_FMT_DOUBLE:
{
- EXIFMultipleValues(8,"%f",*(double *) p1);
+ EXIFMultipleValues(8,"%f",(double)ReadPropertySignedLong(endian,p1));
break;
}
case EXIF_FMT_STRING:

6
ImageMagick.spec
View File

@ -1,7 +1,7 @@
Name: ImageMagick
Epoch: 1
Version: 7.1.0.28
Release: 4
Release: 5
Summary: Create, edit, compose, or convert bitmap images
License: ImageMagick and MIT
Url: http://www.imagemagick.org/
@ -13,6 +13,7 @@ Patch0003: CVE-2022-3213-pre1.patch
Patch0004: CVE-2022-3213-pre2.patch
Patch0005: CVE-2022-3213-pre3.patch
Patch0006: CVE-2022-3213.patch
Patch0007: CVE-2022-32547.patch
BuildRequires: bzip2-devel freetype-devel libjpeg-devel libpng-devel perl-generators
BuildRequires: libtiff-devel giflib-devel zlib-devel perl-devel >= 5.8.1 jbigkit-devel
@ -167,6 +168,9 @@ rm PerlMagick/demo/Generic.ttf
%{_libdir}/pkgconfig/ImageMagick*
%changelog
* Tue Nov 22 2022 yaoxin <yaoxin30@h-partners.com> - 1:7.1.0.28-5
- Fix CVE-2022-32547
* Thu Oct 13 2022 chenwenjie <chenwenjie@ncti-gba.cn> - 1:7.1.0.28-4
- fix CVE-2022-3213